home

icorrect oneclick v2.0 plugin for_10924_i3640667_il345.exe

Ukra-2006 LLC

This is the Amonetize download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application icorrect oneclick v2.0 plugin for_10924_i3640667_il345.exe by Ukra-2006 has been detected as adware by 11 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:
Ukra-2006 LLC  (signed and verified)

MD5:
15f2883d5cc8bfac3febd877a34e83e7

SHA-1:
59f4b84b5a39a7fa97a00d7b4031e0aca84074d9

SHA-256:
63391c096c5fd22349a8303febca393da37a85f0d87b95d2599b910806df3c99

Scanner detections:
11 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/16/2024 8:52:26 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
Adware/Amonetize.kpa
7.11.189.132

AVG
Ukra
2015.0.3252

Dr.Web
Trojan.Amonetize.12
9.0.1.0357

ESET NOD32
Win32/Amonetize.CE
8.10799

G Data
NSIS.Application.Crypted
14.12.24

K7 AntiVirus
Unwanted-Program
13.186.14174

Kaspersky
not-a-virus:AdWare.NSIS.Agent
14.0.0.2753

Qihoo 360 Security
Win32/Virus.Adware.b9e
1.0.0.1015

Reason Heuristics
PUP.Ukra2006.v
14.12.23.7

Sophos
Amonetize
4.98

VIPRE Antivirus
Trojan.Win32.Generic
35246

File size:
237 KB (242,696 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\icorrect oneclick v2.0 plugin for_10924_i3640667_il345.exe

Digital Signature
Signed by:
Ukra-2006 LLC

Authority:
Thawte, Inc.

Valid from:
7/1/2014 5:30:00 AM

Valid to:
7/2/2015 5:29:59 AM

Subject:
CN=Ukra-2006 LLC, O=Ukra-2006 LLC, L=Kharkiv, S=Harkivska obl, C=UA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2B3200D1AF3CAC4253C00F000EF4BAB9

File PE Metadata
Compilation timestamp:
10/7/2014 10:10:26 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:bGC7W7BU5FMqKGqcUz9Pb3h4AjPH3lTIq/g9:Ja7gGqKGqP9DRPrlI/

Entry address:
0x322E

Entry point:
81, EC, D8, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 34, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, 34, 81, 40, 00, 55, FF, 15, AC, 82, 40, 00, 6A, 09, A3, 78, 4F, 43, 00, E8, FD, 2E, 00, 00, A3, C4, 4E, 43, 00, 55, 8D, 44, 24, 38, 68, B4, 02, 00, 00, 50, 55, 68, D8, B1, 42, 00, FF, 15, 7C, 81, 40, 00, 68, C0, A2, 40, 00, 68, C0, 3E, 43, 00, E8, 68, 2B, 00, 00, FF, 15, 38, 81, 40, 00, BB, 00, F0, 43, 00, 50, 53, E8, 56, 2B, 00, 00...
 
[+]

Entropy:
7.8872

Packer / compiler:
Nullsoft install system v2.x

Code size:
24.5 KB (25,088 bytes)

The file icorrect oneclick v2.0 plugin for_10924_i3640667_il345.exe has been seen being distributed by the following URL.

http://downprov5.downloadfasteasy.com/.../iCorrect OneClick v2.0 plugin for_10924_i3640667_il345.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.