foto sizer professional edition 2.02.0.532 full version__3228_il1360479.exe

Installer

The application foto sizer professional edition 2.02.0.532 full version__3228_il1360479.exe has been detected as a potentially unwanted program by 22 anti-malware scanners. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from www.moraldownload.com and multiple other hosts. While running, it connects to the Internet address www.ibbalance.com on port 443.
Product:
Installer

Version:
1.1.6.20

MD5:
e88a8bf3004b085b7599792701d8e2e7

SHA-1:
824f70561d19102f6c62198f31626c34d135e338

SHA-256:
f2bda9cca161f1602ac1813e540ae076b78b6f9678d979b485b22da507df6436

Scanner detections:
22 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 3:54:29 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Graftor.121680
1113

AhnLab V3 Security
Trojan/Win32.Gen
2014.01.06

Avira AntiVirus
APPL/Amonetize.hsn.52
7.11.123.190

avast!
Win32:Rootkit-gen [Rtk]
2014.9-140118

Baidu Antivirus
Trojan.Win32.Amonetize
4.0.3.14118

Bitdefender
Gen:Variant.Adware.Graftor.121680
1.0.20.90

Bkav FE
W32.Clodfc1.Trojan
1.3.0.4613

Dr.Web
Adware.Downware.1729
9.0.1.018

Emsisoft Anti-Malware
Gen:Variant.Adware.Graftor.121680
8.14.01.18.12

ESET NOD32
Win32/Amonetize (variant)
8.9256

Fortinet FortiGate
W32/Amonetize.W
1/18/2014

F-Secure
Gen:Variant.Adware.Graftor.121680
11.2014-18-01_7

G Data
Gen:Variant.Adware.Graftor.121680
14.1.22

IKARUS anti.virus
Win32.SuspectCrc
t3scan.2.2.29

K7 AntiVirus
Trojan
13.175.10735

Malwarebytes
PUP.Optional.Monetizer
v2014.01.18.12

McAfee
Artemis!E88A8BF3004B
5600.7247

MicroWorld eScan
Gen:Variant.Adware.Graftor.121680
15.0.0.54

Panda Antivirus
Suspicious file
14.01.18.12

Trend Micro House Call
TROJ_GEN.F0C2C00LV13
7.2.18

Trend Micro
TROJ_GEN.F0C2C00LV13
10.465.18

VIPRE Antivirus
Trojan.Win32.Generic
25142

File size:
324.5 KB (332,288 bytes)

Product version:
2.1.12

Copyright:
(c) 2012,2013. All rights reserved.

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\foto sizer professional edition 2.02.0.532 full version__3228_il1360479.exe

File PE Metadata
Compilation timestamp:
11/21/2013 9:04:35 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:mc0zNoIbuA7iQHKAR4uiNmBVvgvei04PTsnbnvvTh7sDNhAGEaQ6pX:90ZoIbliMHiNmVvEZbcvvTh73Kp

Entry address:
0x27063

Entry point:
E8, 74, 96, 00, 00, E9, 89, FE, FF, FF, 57, 8B, C6, 83, E0, 0F, 85, C0, 0F, 85, C1, 00, 00, 00, 8B, D1, 83, E1, 7F, C1, EA, 07, 74, 65, EB, 06, 8D, 9B, 00, 00, 00, 00, 66, 0F, 6F, 06, 66, 0F, 6F, 4E, 10, 66, 0F, 6F, 56, 20, 66, 0F, 6F, 5E, 30, 66, 0F, 7F, 07, 66, 0F, 7F, 4F, 10, 66, 0F, 7F, 57, 20, 66, 0F, 7F, 5F, 30, 66, 0F, 6F, 66, 40, 66, 0F, 6F, 6E, 50, 66, 0F, 6F, 76, 60, 66, 0F, 6F, 7E, 70, 66, 0F, 7F, 67, 40, 66, 0F, 7F, 6F, 50, 66, 0F, 7F, 77, 60, 66, 0F, 7F, 7F, 70, 8D, B6, 80, 00, 00, 00, 8D, BF...
 
[+]

Entropy:
6.4252

Code size:
230 KB (235,520 bytes)

The file foto sizer professional edition 2.02.0.532 full version__3228_il1360479.exe has been seen being distributed by the following 2 URLs.

http://www.moraldownload.com/download.php?version=1.1.6.20&prefix=NCH MixPad Audio.Mixer v3.15 Full Activation Key Number&campid=2963&instid[appname]=NCH MixPad Audio.Mixer v3.15 Full Activation Key Number&instid[thankyoupage]=&instid[appsetupurl]=&instid[interrupted]=&instid[appimageurl]=http://s3.amazonaws.com/.../downloadall.png

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)