» hemenindir__7818_i1023408841_il14.exe
Overview
Analysis
File Details
Downloads (2)

hemenindir__7818_i1023408841_il14.exe

TEHSNABSTROY LLC

This is the Amonetize download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application hemenindir__7818_i1023408841_il14.exe by TEHSNABSTROY has been detected as adware by 21 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.

File name:

Publisher:

TEHSNABSTROY LLC (signed and verified)

Version:

1.1.5.27

MD5:

db7317bc86da9a8ca45724ed254e4092

SHA-1:

0e8f2aa2dbbfd3789fc4b39ac59414f5c283d356

SHA-256:

ffdfab92ffbf4a27e24464c60c54fd905003a48b72586bbfc2a4092caf42278b

Scanner detections:

21 / 68

Status:

Adware

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

11/25/2024 4:00:26 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.GenericKD.1754190

928

Agnitum Outpost

PUA.Amonetize

7.1.1

AhnLab V3 Security

PUP/Win32.Amonetiz

2014.07.11

avast!

Win32:Amonetize-CI [PUP]

2014.9-140712

Baidu Antivirus

Adware.Win32.Amonetize

4.0.3.14721

Bitdefender

Trojan.GenericKD.1754190

1.0.20.1010

Dr.Web

Adware.Downware.5717

9.0.1.0193

Emsisoft Anti-Malware

Trojan.GenericKD.1754190

8.14.07.21.02

ESET NOD32

Win32/Amonetize.BG (variant)

8.10076

Fortinet FortiGate

Riskware/Amonetize

7/21/2014

F-Secure

Trojan.GenericKD.1754190

11.2014-21-07_2

G Data

Win32.Application.Amonetize

14.7.24

K7 AntiVirus

Trojan

13.180.12701

Malwarebytes

PUP.Optional.Amonetize

v2014.07.12.07

McAfee

Artemis!C119EA5AE655

5600.7062

MicroWorld eScan

Trojan.GenericKD.1754190

15.0.0.606

NANO AntiVirus

Riskware.Win32.Amonetize.dcckkw

0.28.0.60698

Qihoo 360 Security

HEUR/Malware.QVM10.Gen

1.0.0.1015

Reason Heuristics

PUP.Installer.TEHSNABSTROY.b

14.7.12.7

Sophos

Generic PUA EP

4.98

Trend Micro House Call

Suspicious_GEN.F47V0711

7.2.202

File size:

333.1 KB (341,064 bytes)

Product version:

1.1.5.27

Original file name:

setup.exe

File type:

Executable application (Win32 EXE)

Bundler/Installer:

TUGUU DomaIQ Setup

Language:

English (United States)

Common path:

C:\users\{user}\downloads\hemenindir__7818_i1023408841_il14.exe

Digital Signature

Signed by:

TEHSNABSTROY LLC

Authority:

COMODO CA Limited

Valid from:

6/19/2014 3:00:00 AM

Valid to:

6/20/2015 2:59:59 AM

Subject:

CN=TEHSNABSTROY LLC, O=TEHSNABSTROY LLC, STREET="UL. NIKOLYAMSKAYA, 9", L=G. MOSKVA, S=G. MOSKVA, PostalCode=109240, C=RU

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00F4B1A67457808CFF0300CD93C4050F05

File PE Metadata

Compilation timestamp:

7/4/2014 6:07:43 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

6144:9ck/KG/pZywzTBQyGrcctApjJVxXd64XDbmPdEk+BJ/rFE:9ckfhEwzTAmh364TbmVEZBJ5E

Entry address:

0x11277

Entry point:

E8, BA, 46, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 51, 8D, 4C, 24, 04, 2B, C8, 1B, C0, F7, D0, 23, C8, 8B, C4, 25, 00, F0, FF, FF, 3B, C8, 72, 0A, 8B, C1, 59, 94, 8B, 00, 89, 04, 24, C3, 2D, 00, 10, 00, 00, 85, 00, EB, E9, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 3C, 2D, 42, 00, 00, 75, 18, E8, B4, 3D, 00, 00, 6A, 1E, E8, FE, 3B, 00, 00, 68, FF, 00, 00, 00, E8, 97, F6, FF, FF, 59, 59, 85, DB, 74, 04, 8B, C3, EB, 03, 33, C0, 40... 
[+]

Code size:

94.5 KB (96,768 bytes)

The file hemenindir__7818_i1023408841_il14.exe has been seen being distributed by the following 2 URLs.

http://www.generaldownload.com/download.php?version=1.1.5.27&ti1=p191.oc203.30966.203.0a371034151d18&ti2=8916419796&campid=2299&instid[appname]=Download Manager&instid[appsetupurl]=http://link.wdownloadmanager.com/?url=&ref=&name=DownloadFileSetup&source=xs&instid[cmdline]=&instid[appimageurl]=http://.../dl.png&prefix=DownloadFileSetup&instid[thankyoupage]=

http://ozelindir.com/linktl

Remove hemenindir__7818_i1023408841_il14.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.