I Want This.exe

I Want This

215 Apps

This is part of a distribution package that is classified as adware distributed by 50onRed. This adware is used to interact with the installed web browsers and inject ads and modify the default search and homepages. The application I Want This.exe by 215 Apps has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program I Want This by 215 Apps which is a potentially unwanted software program.
Publisher:
215 Apps  (signed and verified)

Product:
I Want This

Description:
I Want This exe

Version:
1.1.149.43

MD5:
bc12e488b0d796f714dabcf9abc08bff

SHA-1:
ae17123977dec9c9b88b07f7bd98bf79dbc87f83

SHA-256:
11b801b98089b437522109ab7fd0cb28e56fc724321326298c65a85da493ef26

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/23/2024 7:50:37 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.50OnRed (M)
16.12.21.8

File size:
431.8 KB (442,200 bytes)

Product version:
1.1.149.43

Copyright:
Copyright 2011

Original file name:
I Want This.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\i want this\i want this.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
10/24/2011 9:00:00 PM

Valid to:
10/24/2012 8:59:59 PM

Subject:
CN=215 Apps, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=215 Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4D064A782BC23A29CC9B8499A9F4AFB4

File PE Metadata
Compilation timestamp:
3/20/2012 7:43:16 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0x41D23

Entry point:
E8, BA, 90, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 85, C0, 74, 12, 83, E8, 08, 81, 38, DD, DD, 00, 00, 75, 07, 50, E8, 74, D0, FF, FF, 59, 5D, C3, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, 40, 96, 46, 00, 33, C5, 89, 45, FC, 8B, 55, 18, 53, 33, DB, 56, 57, 3B, D3, 7E, 1F, 8B, 45, 14, 8B, CA, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, C2, 2B, C1, 48, 3B, C2, 7D, 01, 40, 89, 45, 18, 89, 5D, F8, 39, 5D, 24, 75, 0B, 8B, 45, 08, 8B, 00, 8B, 40, 04, 89, 45, 24, 8B, 35, 44, A0, 45, 00...
 
[+]

Code size:
352.5 KB (360,960 bytes)

The file I Want This.exe has been discovered within the following program.

I Want This  by 215 Apps
I Want This (i want this.dll) is a web browser extension loaded with Internet Explorer via the I Want This BHO.
iw.antthis.com
88% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com  (54.231.49.233:80)

Remove I Want This.exe - Powered by Reason Core Security