home

font__7226_il514.exe

The application font__7226_il514.exe has been detected as a potentially unwanted program by 16 anti-malware scanners. This is a setup program which is used to install the application. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from www.vacation-download.com and multiple other hosts.
Version:
1.1.5.26

MD5:
9b71485cde902e9d1d2dcbdcd752b673

SHA-1:
9ef0eba0057a6a2b1e4a0b6dff867bcda7d93fa0

SHA-256:
4f99722a884a612baabbaa446e04e53096ff895606563bcced724859ca976db6

Scanner detections:
16 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 9:51:25 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Generic.798416
861

Agnitum Outpost
PUA.Amonetize
7.1.1

AhnLab V3 Security
PUP/Win32.Amonetiz
2014.09.27

Avira AntiVirus
Adware/Amonetize.BR
7.11.174.222

AVG
Generic_r
2015.0.3339

Baidu Antivirus
Adware.Win32.Amonetize
4.0.3.14927

Bitdefender
Application.Generic.798416
1.0.20.1350

Dr.Web
Adware.Downware.8618
9.0.1.0270

ESET NOD32
Win32/Amonetize.BR (variant)
8.10469

G Data
Application.Generic.798416
14.9.24

Malwarebytes
PUP.Optional.Amonetize
v2014.09.27.04

McAfee
Artemis!9B71485CDE90
5600.6995

MicroWorld eScan
Application.Generic.798416
15.0.0.810

Reason Heuristics
Threat.Win.Reputation.IMP
14.9.27.4

Sophos
Generic PUA JO
4.98

VIPRE Antivirus
Trojan.Win32.Generic
33442

File size:
380.5 KB (389,632 bytes)

Product version:
1.1.5.26

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\font__7226_il514.exe

File PE Metadata
Compilation timestamp:
9/16/2014 10:22:23 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:8Z2KRA+AqItby06N9DejUmbKdxjjg8ESkbYVTIedsKs9jNw2QgAchAX+t3f/R2P5:gRASmmZVejUWKLjjg8Eufq9jNw2Qp0Mx

Entry address:
0x14CC0

Entry point:
E8, 53, 6A, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 3D, 44, 5E, 3C, 00, 00, 75, 18, E8, D1, 60, 00, 00, 6A, 1E, E8, 1B, 5F, 00, 00, 68, FF, 00, 00, 00, E8, B6, F4, FF, FF, 59, 59, 8B, 45, 08, 85, C0, 75, 01, 40, 50, 6A, 00, FF, 35, 44, 5E, 3C, 00, FF, 15, 58, D1, 3B, 00, 5D, C3, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 44, 5E, 3C, 00, 00, 75, 18, E8, 87, 60, 00, 00, 6A, 1E, E8, D1, 5E, 00, 00, 68, FF, 00, 00, 00, E8, 6C, F4, FF, FF, 59, 59, 85, DB, 74, 04, 8B, C3...
 
[+]

Code size:
174 KB (178,176 bytes)

The file font__7226_il514.exe has been seen being distributed by the following 2 URLs.

http://www.vacation-download.com/tdownload.php?s1=12f7ff50d08b938b1b30f43edb143d3fb510231d&t1=1411650002&myref=dm&campid=9413&version=1.1.5.26&instid[appname]=Terraria Full Game&instid[appsetupurl]=http://www.mediafire.com/download/.../Terraria 1.2.3.rar&instid[appimageurl]=http://img11.hostingpics.net/pics/575122bar.jpg&prefix=Terraria Full Game Setup&instid[thankyoupage]=http://www.mediafire.com/download/.../Terraria 1.2.3.rar&AMt=1411649820897&AMh=7fn2b4gxIWmb09igS84d2Ie2zMXUjQgM3KAUfCzDKPbVydo5QZMSwcespsmVBC1AtdCH3iBb48loOaw3

http://www.front-file.com/allddT.html?myref=dm&campid=9413&version=1.1.5.26&instid[appname]=Terraria Full Game&instid[appsetupurl]=http://www.mediafire.com/download/.../Terraria 1.2.3.rar&instid[appimageurl]=http://img11.hostingpics.net/pics/575122bar.jpg&prefix=Terraria Full Game Setup&instid[thankyoupage]=http://www.mediafire.com/download/.../Terraria 1.2.3.rar&AMt=1411649820897&AMh=7fn2b4gxIWmb09igS84d2Ie2zMXUjQgM3KAUfCzDKPbVydo5QZMSwcespsmVBC1AtdCH3iBb48loOaw3

Remove font__7226_il514.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.