foto sizer professional edition 2.02.0.532 full version__3228_il1360479.exe

Installer

The application foto sizer professional edition 2.02.0.532 full version__3228_il1360479.exe has been detected as a potentially unwanted program by 22 anti-malware scanners. It bundles adware offers through Amonetize, a pay-per-install (PPI) monetization and distribution download manager; the offers presented depend on the PC's geolocation at install time. Note that the product name in the file name comes from the download campaign, not from the binary: its version resource identifies it only as Installer 1.1.6.20 with the original file name Installer.exe. The file has been seen being downloaded from www.moraldownload.com and multiple other hosts. While running, it connects to www.ibbalance.com on port 443.
Product:
Installer

Version:
1.1.6.20

MD5:
e88a8bf3004b085b7599792701d8e2e7

SHA-1:
824f70561d19102f6c62198f31626c34d135e338

SHA-256:
f2bda9cca161f1602ac1813e540ae076b78b6f9678d979b485b22da507df6436

Scanner detections:
22 / 68

Status:
Potentially unwanted

Analysis date:
11/6/2024 2:11:04 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Adware.Graftor.121680 | 1113
AhnLab V3 Security | Trojan/Win32.Gen | 2014.01.06
Avira AntiVirus | APPL/Amonetize.hsn.52 | 7.11.123.190
avast! | Win32:Rootkit-gen [Rtk] | 2014.9-140118
Baidu Antivirus | Trojan.Win32.Amonetize | 4.0.3.14118
Bitdefender | Gen:Variant.Adware.Graftor.121680 | 1.0.20.90
Bkav FE | W32.Clodfc1.Trojan | 1.3.0.4613
Dr.Web | Adware.Downware.1729 | 9.0.1.018
Emsisoft Anti-Malware | Gen:Variant.Adware.Graftor.121680 | 8.14.01.18.12
ESET NOD32 | Win32/Amonetize (variant) | 8.9256
Fortinet FortiGate | W32/Amonetize.W | 1/18/2014
F-Secure | Gen:Variant.Adware.Graftor.121680 | 11.2014-18-01_7
G Data | Gen:Variant.Adware.Graftor.121680 | 14.1.22
IKARUS anti.virus | Win32.SuspectCrc | t3scan.2.2.29
K7 AntiVirus | Trojan | 13.175.10735
Malwarebytes | PUP.Optional.Monetizer | v2014.01.18.12
McAfee | Artemis!E88A8BF3004B | 5600.7247
MicroWorld eScan | Gen:Variant.Adware.Graftor.121680 | 15.0.0.54
Panda Antivirus | Suspicious file | 14.01.18.12
Trend Micro House Call | TROJ_GEN.F0C2C00LV13 | 7.2.18
Trend Micro | TROJ_GEN.F0C2C00LV13 | 10.465.18
VIPRE Antivirus | Trojan.Win32.Generic | 25142

File size:
324.5 KB (332,288 bytes)

Product version:
2.1.12

Copyright:
(c) 2012,2013. All rights reserved.

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\foto sizer professional edition 2.02.0.532 full version__3228_il1360479.exe

File PE Metadata
Compilation timestamp:
11/21/2013 9:04:35 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:mc0zNoIbuA7iQHKAR4uiNmBVvgvei04PTsnbnvvTh7sDNhAGEaQ6pX:90ZoIbliMHiNmVvEZbcvvTh73Kp

Entry address:
0x27063

Entry point:
E8, 74, 96, 00, 00, E9, 89, FE, FF, FF, 57, 8B, C6, 83, E0, 0F, 85, C0, 0F, 85, C1, 00, 00, 00, 8B, D1, 83, E1, 7F, C1, EA, 07, 74, 65, EB, 06, 8D, 9B, 00, 00, 00, 00, 66, 0F, 6F, 06, 66, 0F, 6F, 4E, 10, 66, 0F, 6F, 56, 20, 66, 0F, 6F, 5E, 30, 66, 0F, 7F, 07, 66, 0F, 7F, 4F, 10, 66, 0F, 7F, 57, 20, 66, 0F, 7F, 5F, 30, 66, 0F, 6F, 66, 40, 66, 0F, 6F, 6E, 50, 66, 0F, 6F, 76, 60, 66, 0F, 6F, 7E, 70, 66, 0F, 7F, 67, 40, 66, 0F, 7F, 6F, 50, 66, 0F, 7F, 77, 60, 66, 0F, 7F, 7F, 70, 8D, B6, 80, 00, 00, 00, 8D, BF...

Entropy:
6.4252

Code size:
230 KB (235,520 bytes)
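The PE metadata fields above (compilation timestamp, OS version, bitness, subsystem, linker version, entry address) all come from the COFF and optional headers, and the entropy figure is Shannon entropy over the file bytes. The following is an added example, not code from this report or from any of the scanners listed: a dependency-free Python parser for those fields plus an entropy function. It assumes the report's "Entry address" is the AddressOfEntryPoint RVA, and the header it builds for itself is a constructed stand-in carrying the report's values, not the analysed binary.

```python
"""Header-only PE triage (added example): read the fields this report lists
straight from the raw bytes and compute Shannon entropy, no third-party modules."""
import calendar
import math
import struct
from collections import Counter
from datetime import datetime, timezone

MACHINES = {0x14C: "Win32", 0x8664: "Win64", 0x1C0: "ARM", 0xAA64: "ARM64"}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI", 9: "Windows CE GUI"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes.
    Whole-file values close to 8 usually indicate packing or encryption."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe_metadata(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header.
    Raises ValueError for anything that is not a well-formed PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if opt_size < 72:
        raise ValueError("optional header too short")
    magic, major_linker, minor_linker = struct.unpack_from("<HBB", data, opt)
    size_of_code, _, _, entry_rva = struct.unpack_from("<IIII", data, opt + 4)
    # From offset 32 onward PE32 and PE32+ share the same field layout.
    major_os, minor_os = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    compiled = datetime.fromtimestamp(timestamp, tz=timezone.utc)
    return {
        "bitness": MACHINES.get(machine, hex(machine)),
        "pe_format": {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, hex(magic)),
        "sections": nsections,
        "compile_timestamp": compiled.strftime("%Y-%m-%d %H:%M:%S UTC"),
        # A zero or future build time is a common timestomping tell.
        "timestamp_suspicious": timestamp == 0 or compiled > datetime.now(timezone.utc),
        "os_version": f"{major_os}.{minor_os}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "linker_version": f"{major_linker}.{minor_linker}",
        "entry_rva": entry_rva,
        "code_size": size_of_code,
    }


def build_sample_pe() -> bytes:
    """Constructed PE32 header carrying this report's values; NOT the real file
    (no sections, no code), just enough for parse_pe_metadata to read."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                     # e_lfanew
    ts = calendar.timegm((2013, 11, 21, 21, 4, 35, 0, 0, 0))  # 11/21/2013 21:04:35 UTC
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH",
                      0x10B, 10, 0,               # PE32, linker 10.0
                      235520, 0, 0,               # SizeOfCode, initialised, uninitialised
                      0x27063, 0x1000, 0x3A000,   # entry RVA, BaseOfCode, BaseOfData
                      0x400000, 0x1000, 0x200,    # ImageBase, section/file alignment
                      5, 1, 0, 0, 5, 1,           # OS 5.1, image 0.0, subsystem 5.1
                      0, 0x40000, 0x400, 0,       # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
                      2, 0)                       # Subsystem = Windows GUI, DllCharacteristics
    coff = struct.pack("<HHIIIHH", 0x14C, 0, ts, 0, 0, len(opt), 0x0102)
    return bytes(dos) + b"PE\0\0" + coff + opt


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, value in parse_pe_metadata(blob).items():
        print(f"{key}: {value}")
    print(f"entropy: {shannon_entropy(blob):.4f}")
```

Run it with a path to triage a real sample; with no argument it parses its own constructed header. Entropy only means something when computed over the whole file (or per section), so pass the full bytes, not just the headers.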

The file foto sizer professional edition 2.02.0.532 full version__3228_il1360479.exe has been seen being distributed by 2 URLs; the one recorded is shown below. Note that its version= parameter matches the installer's own version resource (1.1.6.20), while prefix= and instid[appname]= carry the title of whatever product the download page advertised (here an NCH MixPad activation key), which is how one Amonetize installer is served under many different file names.

http://www.moraldownload.com/download.php?version=1.1.6.20&prefix=NCH MixPad Audio.Mixer v3.15 Full Activation Key Number&campid=2963&instid[appname]=NCH MixPad Audio.Mixer v3.15 Full Activation Key Number&instid[thankyoupage]=&instid[appsetupurl]=&instid[interrupted]=&instid[appimageurl]=http://s3.amazonaws.com/.../downloadall.png

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)
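The hashes near the top of this report, the download host and the two live connections above are the indicators a responder would sweep logs for. As an added example (not tooling from this report or its scanners), the Python below extracts hashes, IPv4 addresses and host names from free-text log lines, normalises them and matches them against that indicator set; it also checks the convention behind McAfee's Artemis!E88A8BF3004B name, which is the first 12 hex digits of the MD5 listed above. The log lines are constructed for the example and are not from the analysis.

```python
"""IOC sweep (added example): match this report's hashes, domains and IPs
against log lines, and tie McAfee's Artemis! name back to the MD5."""
import re

# Indicators taken from the report above.
IOCS = {
    "md5": {"e88a8bf3004b085b7599792701d8e2e7"},
    "sha1": {"824f70561d19102f6c62198f31626c34d135e338"},
    "sha256": {"f2bda9cca161f1602ac1813e540ae076b78b6f9678d979b485b22da507df6436"},
    "domain": {"www.moraldownload.com", "www.ibbalance.com", "www.softologic.com"},
    "ip": {"174.37.181.31", "173.192.190.227"},
}

HASH_RE = re.compile(r"\b[0-9a-fA-F]{32,64}\b")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"(?<![\w.-])((?:[a-z0-9-]+\.)+[a-z]{2,})(?![\w-])", re.IGNORECASE)
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}


def extract_candidates(line: str):
    """Yield (type, normalised value) for every hash, IP and host name in a line.
    Hashes and host names are lower-cased so case in the log never hides a hit."""
    for m in HASH_RE.finditer(line):
        kind = HASH_TYPES.get(len(m.group()))
        if kind:
            yield kind, m.group().lower()
    for m in IP_RE.finditer(line):
        yield "ip", m.group()
    for m in DOMAIN_RE.finditer(line):
        yield "domain", m.group(1).lower()


def match_iocs(lines, iocs=IOCS):
    """Return [(line_number, type, value)] for every indicator hit (1-based lines)."""
    hits = []
    for n, line in enumerate(lines, 1):
        for kind, value in extract_candidates(line):
            if value in iocs.get(kind, ()):
                hits.append((n, kind, value))
    return hits


def artemis_prefix_matches(detection: str, md5: str) -> bool:
    """McAfee's generic 'Artemis!XXXXXXXXXXXX' names embed the first 12 hex
    digits of the sample's MD5, so a detection name can be tied to a hash."""
    return detection.startswith("Artemis!") and md5.lower().startswith(detection[8:].lower())


# Constructed log lines (not from the report): proxy, EDR, connection and DNS events.
SAMPLE_LOG = [
    "2024-11-06T02:10:51Z proxy host=www.moraldownload.com path=/download.php status=200",
    "2024-11-06T02:11:02Z edr event=FileCreate sha256=F2BDA9CCA161F1602AC1813E540AE076B78B6F9678D979B485B22DA507DF6436 path=C:\\users\\alice\\downloads\\installer.exe",
    "2024-11-06T02:11:04Z conn src=10.0.0.23 dst=173.192.190.227 dport=443 proto=tcp",
    "2024-11-06T02:11:05Z dns query=www.softologic.com answer=174.37.181.31",
    "2024-11-06T02:11:09Z dns query=www.example.org answer=192.0.2.10",
]

if __name__ == "__main__":
    for n, kind, value in match_iocs(SAMPLE_LOG):
        print(f"line {n}: {kind} {value}")
    print("Artemis name matches MD5:",
          artemis_prefix_matches("Artemis!E88A8BF3004B", next(iter(IOCS["md5"]))))
```

Matching is on exact, normalised values, so incidental tokens such as download.php or installer.exe that look like host names never fire. Hashes are matched regardless of case because EDR and sandbox exports disagree on hex casing.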