hemenindir__7818_i1070106503_il6.exe

TEHSNABSTROY LLC

This is the Amonetize download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application hemenindir__7818_i1070106503_il6.exe by TEHSNABSTROY has been detected as adware by 31 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:
TEHSNABSTROY LLC  (signed and verified)

Version:
1.1.5.27

MD5:
970602b43ee8d6c9a6a46cc29596f8c7

SHA-1:
760a991a8b47d1d94bfd76d523c82d7eadaed197

SHA-256:
566b760932a52e1ee60ec11dc009ce425ad2dab64f4d900a7249f18422b79aca

Scanner detections:
31 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/23/2024 10:51:09 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Amonetize.M
781

Agnitum Outpost
PUA.Amonetize
7.1.1

AhnLab V3 Security
PUP/Win32.Amonetize
2014.09.03

Avira AntiVirus
ADWARE/Adware.Gen
7.11.170.158

avast!
Win32:Amonetize-CP [PUP]
2014.9-141010

AVG
Generic
2015.0.3326

Baidu Antivirus
Adware.Win32.Amonetize
4.0.3.141215

Bitdefender
Adware.Amonetize.M
1.0.20.1745

Comodo Security
ApplicUnwnt
19403

Dr.Web
Adware.Downware.6202
9.0.1.0283

Emsisoft Anti-Malware
Adware.Amonetize.M
8.14.12.15.06

ESET NOD32
Win32/Amonetize.BJ (variant)
8.10357

Fortinet FortiGate
Riskware/Amonetize
10/10/2014

G Data
Adware.Amonetize
14.12.24

K7 AntiVirus
Trojan
13.182.12926

Kaspersky
not-a-virus:AdWare.Win32.Amonetize
14.0.0.2791

Malwarebytes
PUP.Optional.Amonetize
v2014.10.10.04

McAfee
Artemis!970602B43EE8
5600.6982

MicroWorld eScan
Adware.Amonetize.M
15.0.0.1047

nProtect
Trojan-Clicker/W32.Amonetize.496128
14.08.03.01

Panda Antivirus
Trj/Chgt.C
14.12.15.06

Qihoo 360 Security
Win32/Trojan.Dropper.c9f
1.0.0.1015

Quick Heal
AdWare.Amonetize.r4 (Not a Virus)
12.14.14.00

Reason Heuristics
PUP.Installer.TEHSNABSTROY.a
14.10.10.4

Rising Antivirus
PE:Trojan.Win32.Generic.17073367!386347879
23.00.65.141213

Sophos
Generic PUA HG
4.98

Trend Micro House Call
Suspicious_GEN.F47V0727
7.2.283

Trend Micro
TROJ_GEN.R0CBC0UGP14
10.465.15

Vba32 AntiVirus
AdWare.Amonetize
3.12.26.3

VIPRE Antivirus
Trojan.Win32.Generic
32766

Zillya! Antivirus
Adware.Amonetize.Win32.870
2.0.0.1909

File size:
329.1 KB (336,968 bytes)

Product version:
1.1.5.27

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Language:
English (United States)

Common path:
C:\users\{user}\downloads\hemenindir__7818_i1070106503_il6.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
6/19/2014 3:00:00 AM

Valid to:
6/20/2015 2:59:59 AM

Subject:
CN=TEHSNABSTROY LLC, O=TEHSNABSTROY LLC, STREET="UL. NIKOLYAMSKAYA, 9", L=G. MOSKVA, S=G. MOSKVA, PostalCode=109240, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F4B1A67457808CFF0300CD93C4050F05

File PE Metadata
Compilation timestamp:
7/21/2014 10:19:23 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:ppeLUHwA4ITB0TpWc5faE6tXE48IYR/kQrcfIWnUU0L2E:TiTA4ITaL6t0sYNkEFUQ2E

Entry address:
0x106B0

Entry point:
E8, CB, 5A, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, 51, 8D, 4C, 24, 04, 2B, C8, 1B, C0, F7, D0, 23, C8, 8B, C4, 25, 00, F0, FF, FF, 3B, C8, 72, 0A, 8B, C1, 59, 94, 8B, 00, 89, 04, 24, C3, 2D, 00, 10, 00, 00, 85, 00, EB, E9, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A0, 01, 00, 00, 81, F9, 80, 00, 00, 00, 72, 1C, 83, 3D, C4, 6F, 3C, 00, 00, 74, 13, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 05, E9...
 
[+]

Code size:
106 KB (108,544 bytes)

The file hemenindir__7818_i1070106503_il6.exe has been seen being distributed by the following URL.

Remove hemenindir__7818_i1070106503_il6.exe - Powered by Reason Core Security