installation.exe

Ukra-2006 LLC

This is the Amonetize download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application installation.exe by Ukra-2006 has been detected as adware by 12 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:
Ukra-2006 LLC  (signed and verified)

MD5:
3807ae1ef4cfa89eedf94f8b9e73e797

SHA-1:
8c3b839c9a4826efadc11ee09e53f50ed2749231

SHA-256:
fe68aa2f41c26ee1d59d7597f88f41faac4e0669e1108c11f3205019be129c83

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
1/12/2025 10:40:09 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | MemScan:Application.Bundler.JU | 595 |
| Agnitum Outpost | PUA.OutBrowse | 7.1.1 |
| Bitdefender | MemScan:Application.Bundler.JU | 1.0.20.855 |
| Comodo Security | Application.Win32.AltBrowse.HY | 21019 |
| herdProtect (fuzzy) | | 2015.6.20.11 |
| K7 AntiVirus | Trojan | 13.194.14904 |
| Kaspersky | not-a-virus:Downloader.NSIS.OutBrowse | 14.0.0.1858 |
| Malwarebytes | PUP.Optional.OutBrowse | v2015.06.20.11 |
| MicroWorld eScan | MemScan:Application.Bundler.JU | 16.0.0.513 |
| NANO AntiVirus | Trojan.Win32.OutBrowse.dmjuro | 0.30.0.65070 |
| Quick Heal | Downloader.NSIS.r5 (Not a Virus) | 6.15.14.00 |
| Reason Heuristics | PUP.Bundler.Amonetize | 15.3.14.7 |

File size:
582.6 KB (596,608 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup (using Nullsoft Install System)

Language:
Language Neutral

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
1/11/2015 4:00:00 PM

Valid to:
1/12/2016 3:59:59 PM

Subject:
CN=Ukra-2006 LLC, O=Ukra-2006 LLC, L=Kharkiv, S=Kharkiv, C=UA

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
20110F4A7DB51E5FA070D8C28BEA8481

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:GKjafgojiA3zSyEFD/COoNeCDSjIr3QQZHGhczp1EPBQO0VEyGrd:GOaIwiASTKOm0IrAQAcz7+BQg

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9682

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file installation.exe has been seen being distributed by the following URL.
