font__7226_il1361.exe

ITL-GROUP LLC

This is the Amonetize download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application font__7226_il1361.exe by ITL-GROUP has been detected as adware by 21 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:
ITL-GROUP LLC  (signed and verified)

Version:
1.1.5.26

MD5:
1b329eaa7d744f9824496b20181be2b6

SHA-1:
f73834c888051a9a2aafd083161310945f528633

SHA-256:
17027e4ed1a617d2f8e8d2c51b11a43dfdd246aafa445fdb673babe9c1bed859

Scanner detections:
21 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/23/2024 10:22:32 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Strictor.68509
807

AhnLab V3 Security
PUP/Win32.Amonetize
2014.11.17

Avira AntiVirus
ADWARE/Adware.Gen2
7.11.186.130

avast!
Win32:Amonetize-EC [PUP]
2014.9-141120

AVG
Generic5
2015.0.3280

Baidu Antivirus
Adware.Win32.Amonetize
4.0.3.141120

Bitdefender
Gen:Variant.Adware.Strictor.68509
1.0.20.1620

Emsisoft Anti-Malware
Gen:Variant.Adware.Strictor.68509
8.14.11.20.10

ESET NOD32
Win32/Amonetize.BP (variant)
8.10733

Fortinet FortiGate
Adware/Amonetize
11/24/2014

F-Secure
Gen:Variant.Adware.Strictor.68509
11.2014-20-11_5

G Data
Gen:Variant.Adware.Strictor.68509
14.11.24

Kaspersky
not-a-virus:HEUR:AdWare.Win32.Amonetize
14.0.0.2895

Malwarebytes
PUP.Optional.Amonetize
v2014.11.20.10

McAfee
RDN/Generic.bfr!hr
5600.6936

MicroWorld eScan
Gen:Variant.Adware.Strictor.68509
15.0.0.972

Panda Antivirus
Generic Suspicious
14.11.20.10

Reason Heuristics
PUP.Installer.ITLGROUP.R
14.11.21.23

Sophos
Generic PUA PH
4.98

Trend Micro House Call
Suspicious_GEN.F47V1116
7.2.324

VIPRE Antivirus
Trojan.Win32.Generic
34852

File size:
390.2 KB (399,592 bytes)

Product version:
1.1.5.26

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\font__7226_il1361.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
10/19/2014 8:00:00 PM

Valid to:
10/20/2015 7:59:59 PM

Subject:
CN=ITL-GROUP LLC, O=ITL-GROUP LLC, L=Selyshche Doslidne, S=Selyshche Doslidne, C=UA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
080AA229F6377F023DF6C8F878AC3719

File PE Metadata
Compilation timestamp:
11/16/2014 9:02:29 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:aDTRjpzBqPPas34MvzNg5O/1VxAnVHCMAW9Q320RzX4pSIAP9DBTvEX:o/z6Igxg56VOnsMNQGWzXKm9tTvEX

Entry address:
0x20C84

Entry point:
E8, 3A, AB, 00, 00, E9, 89, FE, FF, FF, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, 04, E6, 44, 00, 00, 74, 05, E9, A2, AB, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7, 01, 83, EA, 01, 75, F6, 8B, 44, 24, 08, 5F...
 
[+]

Entropy:
6.6778

Code size:
226 KB (231,424 bytes)

The file font__7226_il1361.exe has been seen being distributed by the following URL.

Remove font__7226_il1361.exe - Powered by Reason Core Security