home

hemenindir__7818_i1022158740_il14.exe

TEHSNABSTROY LLC

This is the Amonetize download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application hemenindir__7818_i1022158740_il14.exe by TEHSNABSTROY has been detected as adware by 21 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:
TEHSNABSTROY LLC  (signed and verified)

Version:
1.1.5.27

MD5:
bc546a5516718dfde4c92b863ce7cbfc

SHA-1:
ea93aa72472a09ae69f15ff648772ebe48b7c203

SHA-256:
6d116d5d864bdffd0b21f7755fcb4c0c104911e29bc631e6a032211e0269bb52

Scanner detections:
21 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/25/2024 3:44:30 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKD.1754190
928

Agnitum Outpost
PUA.Amonetize
7.1.1

AhnLab V3 Security
PUP/Win32.Amonetiz
2014.07.10

avast!
Win32:Amonetize-CI [PUP]
2014.9-140712

Baidu Antivirus
Adware.Win32.Amonetize
4.0.3.14721

Bitdefender
Trojan.GenericKD.1754190
1.0.20.1010

Dr.Web
Adware.Downware.5717
9.0.1.0193

Emsisoft Anti-Malware
Trojan.GenericKD.1754190
8.14.07.21.02

ESET NOD32
Win32/Amonetize.BG (variant)
8.10073

Fortinet FortiGate
Riskware/Amonetize
7/21/2014

F-Secure
Trojan.GenericKD.1754190
11.2014-21-07_2

G Data
Win32.Application.Amonetize
14.7.24

K7 AntiVirus
Trojan
13.180.12701

Malwarebytes
PUP.Optional.Amonetize
v2014.07.12.07

McAfee
Artemis!C119EA5AE655
5600.7062

MicroWorld eScan
Trojan.GenericKD.1754190
15.0.0.606

NANO AntiVirus
Riskware.Win32.Amonetize.dcckkw
0.28.0.60698

Qihoo 360 Security
HEUR/Malware.QVM10.Gen
1.0.0.1015

Reason Heuristics
PUP.Installer.TEHSNABSTROY.b
14.7.12.7

Sophos
Generic PUA EP
4.98

Trend Micro House Call
Suspicious_GEN.F47V0711
7.2.202

File size:
331.6 KB (339,528 bytes)

Product version:
1.1.5.27

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Language:
English (United States)

Common path:
C:\users\{user}\downloads\hemenindir__7818_i1022158740_il14.exe

Digital Signature
Signed by:
TEHSNABSTROY LLC

Authority:
COMODO CA Limited

Valid from:
6/19/2014 3:00:00 AM

Valid to:
6/20/2015 2:59:59 AM

Subject:
CN=TEHSNABSTROY LLC, O=TEHSNABSTROY LLC, STREET="UL. NIKOLYAMSKAYA, 9", L=G. MOSKVA, S=G. MOSKVA, PostalCode=109240, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F4B1A67457808CFF0300CD93C4050F05

File PE Metadata
Compilation timestamp:
7/4/2014 6:07:43 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:7ck/KG/pZywzTBQJzkKlVpRmZgohluRT6rCcIiXPksIpFt5YHZ0YjHcW:7ckfhEwzTerpigoCRT6CcIiXcUim8W

Entry address:
0x11277

Entry point:
E8, BA, 46, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 51, 8D, 4C, 24, 04, 2B, C8, 1B, C0, F7, D0, 23, C8, 8B, C4, 25, 00, F0, FF, FF, 3B, C8, 72, 0A, 8B, C1, 59, 94, 8B, 00, 89, 04, 24, C3, 2D, 00, 10, 00, 00, 85, 00, EB, E9, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 3C, 2D, 42, 00, 00, 75, 18, E8, B4, 3D, 00, 00, 6A, 1E, E8, FE, 3B, 00, 00, 68, FF, 00, 00, 00, E8, 97, F6, FF, FF, 59, 59, 85, DB, 74, 04, 8B, C3, EB, 03, 33, C0, 40...
 
[+]

Code size:
94.5 KB (96,768 bytes)

The file hemenindir__7818_i1022158740_il14.exe has been seen being distributed by the following URL.

http://ozelindir.com/linktl

Remove hemenindir__7818_i1022158740_il14.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.