gladaitor1 jsc sport full hd by sat s.com.rar__3516_i161892186_il5029388.exe

Installer

Shetef Solutions & Consulting (1998) Ltd.

This is the Amonetize download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application gladaitor1 jsc sport full hd by sat s.com.rar__3516_i161892186_il5029388.exe by Shetef Solutions & Consulting (1998) has been detected as adware by 12 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The installer uses the InstallMonetizer platform, which will download and install adware toolbars and other potentially unwanted software offers during setup.
Publisher:
Amônétízé Ltd  (signed by Shetef Solutions & Consulting (1998) Ltd.)

Product:
Installer

Version:
1.1.5.98

MD5:
cd1ffc3696d4a2673ed6a7ed1a64101c

SHA-1:
a98c6f34f72b76b8b2811a7757df928b7d89503b

SHA-256:
a365db964acb649b130a063df091a567d8e9ed8678fcbb357f1a58eb23d16fce

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open-source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/23/2024 4:17:15 AM UTC

Scan engine               Detection                                      Engine version
Avira AntiVirus           ADWARE/Adware.Gen2                             7.11.121.104
avast!                    Win32:Rootkit-gen [Rtk]                        2014.9-131223
Dr.Web                    Adware.Downware.1575                           9.0.1.0357
ESET NOD32                Win32/Amonetize (variant)                      7.9190
G Data                    Win32.Trojan.Agent.OXERD6                      13.12.22
IKARUS anti.virus         not-a-virus:Downloader.Win32.Agent             t3scan.2.2.29
Malwarebytes              PUP.Optional.InstallMonetizer                  v2013.12.23.03
McAfee                    Artemis!CD1FFC3696D4                           5600.7272
nProtect                  Adware/W32.Agent.153728                        13.12.23.01
Reason Heuristics         PUP.Installer.ShetefSolutionsConsulting1998.?  14.8.8.3
Trend Micro House Call    TROJ_GEN.F47V1125                              7.2.357
VIPRE Antivirus           Amonetize                                      24658

File size:
150.1 KB (153,728 bytes)

Product version:
2.1.12

Copyright:
(c) Amônétízé Ltd, 2012,2013. All rights reserved.

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\gladaitor1 jsc sport full hd by sat s.com.rar__3516_i161892186_il5029388.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
7/23/2013 1:00:00 AM

Valid to:
7/24/2014 12:59:59 AM

Subject:
CN=Shetef Solutions & Consulting (1998) Ltd., O=Shetef Solutions & Consulting (1998) Ltd., L=Rannana, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7C23DBB97FAFBB9D28D413F836202024

File PE Metadata
Compilation timestamp:
11/25/2013 11:36:10 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:mkpBjQU3u4JBdvF9Who3uMCrnMxhl259N93M1qCAJBwvw:mk3jQJgF9WhzMCrMs59NdEAPGw

Entry address:
0x59BF0

Entry point:
60, BE, 00, A0, 43, 00, 8D, BE, 00, 70, FC, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...

Packer / compiler:
UPX 2.90 [LZMA]

Code size:
128 KB (131,072 bytes)

The file gladaitor1 jsc sport full hd by sat s.com.rar__3516_i161892186_il5029388.exe has been seen being distributed by the following 50 URLs.

http://download.aminst.net/.../get.php?q=greys.anatomy.100102.hdtv-lol.mp4.flv&ti1=500000&ti2=0&ti3=2013-11-30T20:38:20.738181 00:00

Latest 30 of 83 download URLs

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)