install-flashplayer__4607_i514146160_il105.exe

The application install-flashplayer__4607_i514146160_il105.exe has been detected as a potentially unwanted program by 20 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer; however, the file is not signed with an Authenticode signature from a trusted source. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. With this installer, users expect to download the free Adobe Flash Player, but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Version:
1.1.6.20

MD5:
45659eba1938e75263ba255d965759c3

SHA-1:
6c1f2871e72492cc1416596de9e32e62456a79b5

SHA-256:
7fdcce39abf42096e9ace7222db158d1a3304de74ea5cc8a16881a0cffbb91c1

Scanner detections:
20 / 68

Status:
Potentially unwanted

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/25/2024 1:52:46 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.Amonetize.14 | 6483355 |
| AhnLab V3 Security | PUP/Win32.Amonetiz | 2015.02.24 |
| Avira AntiVirus | ADWARE/Adware.Gen2 | 7.11.212.80 |
| avast! | Win32:Amonetize-AR [PUP] | 150129-1 |
| AVG | Adware Generic_r.JX | 2014.0.4257 |
| Bitdefender | Gen:Variant.Application.Bundler.Amonetize.14 | 1.0.20.275 |
| Dr.Web | Adware.Downware.2467 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Application.Bundler.Amonetize.14 | 9.0.0.4799 |
| ESET NOD32 | Win32/Amonetize.AJ potentially unwanted application | 7.0.302.0 |
| F-Prot | W32/Amonetize.A.gen | v6.4.7.1.166 |
| F-Secure | Riskware.Gen:Variant.Application.Bundler | 5.13.68 |
| G Data | Gen:Variant.Application.Bundler.Amonetize.14 | 15.2.25 |
| Malwarebytes | PUP.Optional.Amonetize | v2015.02.24.07 |
| McAfee | Program.PUP-FBM | 16.8.708.2 |
| MicroWorld eScan | Gen:Variant.Application.Bundler.Amonetize.14 | 16.0.0.165 |
| NANO AntiVirus | Riskware.Win32.Amonetize.cwpcfa | 0.30.0.296 |
| Norman | Gen:Variant.Application.Bundler.Amonetize.14 | 03.12.2014 13:20:04 |
| Panda Antivirus | Trj/Genetic.gen | 15.02.24.07 |
| Sophos | PUA 'Amonetize' | 5.10 |
| VIPRE Antivirus | Threat.4785227 | 37788 |

File size:
341.1 KB (349,287 bytes)

Product version:
1.1.6.20

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\downloads\install-flashplayer__4607_i514146160_il105.exe

File PE Metadata
Compilation timestamp:
4/1/2014 3:30:36 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:mqAM+J+mBumqZWv3rVMkMB+rF7r9gelBI8YfUyklz9m/PfeLz7BT5dR6M:mqAM+J+mcTZW/rVMkk+rQZUflz9qkBte

Entry address:
0x29BF1

Entry point:
E8, C8, 97, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, 53, 56, 8B, 44, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 14, 8B, 44, 24, 10, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 0C, F7, F1, 8B, D3, EB, 41, 8B, C8, 8B, 5C, 24, 14, 8B, 54, 24, 10, 8B, 44, 24, 0C, D1, E9, D1, DB, D1, EA, D1, D8, 0B, C9, 75, F4, F7, F3, 8B, F0, F7, 64, 24, 18, 8B, C8, 8B, 44, 24, 14, F7, E6, 03, D1, 72, 0E, 3B, 54, 24, 10, 77, 08, 72, 07, 3B, 44, 24, 0C, 76, 01, 4E, 33, D2, 8B, C6, 5E, 5B, C2, 10, 00, 57, 8B, C6, 83, E0, 0F, 85, C0, 0F...
 

Entropy:
6.4640

Code size:
244.5 KB (250,368 bytes)