flashplayersetup__4743_i1040925490_il34.exe

Wilmaonline LTD.

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text-links, which may link to malware sites and install unwanted software. The application flashplayersetup__4743_i1040925490_il34.exe by Wilmaonline has been detected as adware by 11 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The installer is marketed through download portals and search ads as the free Adobe Flash Player but will also install additional software offers, which include adware, PUPs and browser toolbars. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.
Publisher:
Wilmaonline LTD.  (signed and verified)

Version:
1.1.1.72

MD5:
c7652b613ac5718fd6878bfb17a63b1d

SHA-1:
1ffe6e8efb151ed66990199df0042b2a3dba8948

SHA-256:
7fdd6badf490a8c8dfd27a76a31a394efa8e6375b3dc388278d22021d16d9c0b

Scanner detections:
11 / 68

Status:
Adware

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
2/25/2025 6:31:29 AM UTC  (today)

Scan engine | Detection | Engine version
Agnitum Outpost | PUA.Amonetize | 7.1.1
AhnLab V3 Security | PUP/Win32.Amonetiz | 2014.07.15
avast! | Win32:Amonetize-CI [PUP] | 2014.9-151008
AVG | Generic_r | 2016.0.2962
Baidu Antivirus | Adware.Win32.Amonetize | 4.0.3.15108
Dr.Web | Adware.Downware.5717 | 9.0.1.0281
ESET NOD32 | Win32/Amonetize.BG (variant) | 9.10094
G Data | Win32.Application.Amonetize | 15.10.24
Malwarebytes | PUP.Optional.Amonetize | v2015.10.08.08
NANO AntiVirus | Riskware.Win32.Amonetize.dcckkw | 0.28.0.60698
Reason Heuristics | PUP.Brightcircle.Wilmaonline.Bundler (M) | 15.10.8.20

File size:
330.7 KB (338,624 bytes)

Product version:
1.1.1.72

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Language:
English (United States)

Common path:
C:\users\{user}\downloads\flashplayersetup__4743_i1040925490_il34.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
7/6/2014 9:00:00 PM

Valid to:
8/6/2015 8:59:59 PM

Subject:
CN=Wilmaonline LTD., O=Wilmaonline LTD., L=Raanana, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2B7DF4C242BFBB654DA05B78A86926AA

File PE Metadata
Compilation timestamp:
7/4/2014 12:07:43 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:Dck/KG/pZywzTBQyABDmFFEx8f0B92hsXgP4dyX8:DckfhEwzTSGEybQgPf8

Entry address:
0x11277

Entry point:
E8, BA, 46, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 51, 8D, 4C, 24, 04, 2B, C8, 1B, C0, F7, D0, 23, C8, 8B, C4, 25, 00, F0, FF, FF, 3B, C8, 72, 0A, 8B, C1, 59, 94, 8B, 00, 89, 04, 24, C3, 2D, 00, 10, 00, 00, 85, 00, EB, E9, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 3C, 2D, 42, 00, 00, 75, 18, E8, B4, 3D, 00, 00, 6A, 1E, E8, FE, 3B, 00, 00, 68, FF, 00, 00, 00, E8, 97, F6, FF, FF, 59, 59, 85, DB, 74, 04, 8B, C3, EB, 03, 33, C0, 40...
 

Code size:
94.5 KB (96,768 bytes)

The file flashplayersetup__4743_i1040925490_il34.exe has been seen being distributed by the following URL.
