install-flashplayer__4607_i535912717_il105.exe

The application install-flashplayer__4607_i535912717_il105.exe has been detected as a potentially unwanted program by 16 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer, however the file is not signed with an authenticode signature from a trusted source. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. With this installer, users are expecting to download the free Adobe Flash Player but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Version:
1.1.6.20

MD5:
797ca64a200a19aca7365cd5a982e689

SHA-1:
c59a04a6327aa36f99e399e1df58941df8ce4186

SHA-256:
cee5432ffff2be1ef23cc73b86ca1bbe3240a264b017847636b57b8b2bb8a962

Scanner detections:
16 / 68

Status:
Potentially unwanted

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/25/2024 12:00:42 AM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.Amonetiz
14.04.14

Avira AntiVirus
ADWARE/Adware.Gen2
7.11.141.200

avast!
Win32:Amonetize-AK [PUP]
2014.9-140414

Baidu Antivirus
Adware.Win32.Amonetize
4.0.3.14414

Comodo Security
ApplicUnwnt
18068

Dr.Web
Adware.Downware.2467
9.0.1.0104

ESET NOD32
Win32/Amonetize.AJ (variant)
8.9649

Fortinet FortiGate
Riskware/Amonetize
4/14/2014

K7 AntiVirus
Trojan
13.176.11684

Kaspersky
not-a-virus:HEUR:AdWare.Win32.Amonetize
14.0.0.4017

Malwarebytes
PUP.Optional.Amonetize.A
v2014.04.14.02

McAfee
Artemis!797CA64A200A
5600.7160

Qihoo 360 Security
Win32/Virus.Adware.932
1.0.0.1015

Sophos
Amonetize
4.98

Trend Micro House Call
TROJ_GEN.F47V0406
7.2.104

VIPRE Antivirus
Amonetize
28120

File size:
344 KB (352,256 bytes)

Product version:
1.1.6.20

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\downloads\install-flashplayer__4607_i535912717_il105.exe

File PE Metadata
Compilation timestamp:
4/6/2014 3:35:20 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:NkKJ3cM1RNa1/7IIv4vHaWBXQm7AEeeqCafYKEoaYQ2qwELWMBg:NkKJ3j1RNa97IIv4vHa2XQrsK9aYQ2MB

Entry address:
0x29E51

Entry point:
E8, D6, 97, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, 53, 56, 8B, 44, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 14, 8B, 44, 24, 10, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 0C, F7, F1, 8B, D3, EB, 41, 8B, C8, 8B, 5C, 24, 14, 8B, 54, 24, 10, 8B, 44, 24, 0C, D1, E9, D1, DB, D1, EA, D1, D8, 0B, C9, 75, F4, F7, F3, 8B, F0, F7, 64, 24, 18, 8B, C8, 8B, 44, 24, 14, F7, E6, 03, D1, 72, 0E, 3B, 54, 24, 10, 77, 08, 72, 07, 3B, 44, 24, 0C, 76, 01, 4E, 33, D2, 8B, C6, 5E, 5B, C2, 10, 00, 57, 8B, C6, 83, E0, 0F, 85, C0, 0F...
 
[+]

Code size:
245.5 KB (251,392 bytes)

The file install-flashplayer__4607_i535912717_il105.exe has been seen being distributed by the following 14 URLs.

http://www.installpath.com/dd/alldd.html?myref=www.newhdplugin.net&version=1.1.6.20&prefix=FlashPlayerSetup&campid=4369&instid[appname]=FlashPlayer&instid[appsetupurl]=https://launchpad.net/lightspark/trunk/lightspark-0.5.3/ download/Lightspark-0.5.3-win32.exe&instid[appimageurl]=http://www.tsxnrey.com/i/White Smoke Inc/.../150x150_v1Logo.jpg&prefix=FlashPlayer&ti1=MTg3fDIxMzB8TVh8M3wxfHw|c4020c18ac49f2e4c71e8ec2b43ff076|7a6e6250-444a-11e3-b62d-0025b320a860&capp=FlashPlayer&AMt=1396819759302&AMh=7fn2b4gxIWmb09igS84d2Ie2zMXUjQgM3KAUfCzDKPbVydo5QZMSwcespsmVBC1AtdCH3iBb48loOaw3

http://www.conductdownload.com/download.php?version=1.1.6.20&campid=4607&capp=FlashPlayer&prefix=install*flashplayer&ti1=NzI0fDIzMzZ8UEt8M3wxfHw|b3779383227887b67fde0a18f177a90f|a233c752-bda6-11e3-b038-0025b320a860