home

installer25__7934_il46455.exe

The application installer25__7934_il46455.exe has been detected as a potentially unwanted program by 33 anti-malware scanners. This is a setup program which is used to install the application. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from downloadmee.com.
Version:
1.1.5.90

MD5:
ebaf42ee1c0518dbd3c8939f67a5bb0b

SHA-1:
04a58b8e25f351db9195f25bcd1ad5ffc6f8d061

SHA-256:
f65204222d2330a4d757e4ef36e82ea8256530b425f3be3e430a708a4f55bf17

Scanner detections:
33 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 10:31:38 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Application.Imonetize.2
237

Agnitum Outpost
PUA.Amonetize
7.1.1

AhnLab V3 Security
PUP/Win32.Amonetiz
2015.10.27

Avira AntiVirus
ADWARE/Adware.Gen2
8.3.2.2

Arcabit
Application.Imonetize.2
1.0.0.585

avast!
Win32:PUP-gen [PUP]
2014.9-160612

AVG
BundleApp
2017.0.2715

Baidu Antivirus
PUA.Win32.Amonetize
4.0.3.16612

Bitdefender
Gen:Application.Imonetize.2
1.0.20.820

Bkav FE
HW32.Packed
1.3.0.7383

Comodo Security
Application.Win32.Amonetize.A
23480

Dr.Web
Trojan.Amonetize.2070
9.0.1.0164

ESET NOD32
Win32/Amonetize.EA potentially unwanted (variant)
10.12469

Fortinet FortiGate
Riskware/Amonetize
6/12/2016

F-Prot
W32/S-213d9247
v6.4.7.1.166

G Data
Gen:Application.Imonetize
16.6.25

K7 AntiVirus
Adware
13.212.17655

Kaspersky
not-a-virus:HEUR:AdWare.Win32.Generic
14.0.0.70

Malwarebytes
PUP.Optional.Amonetize
v2016.06.12.12

McAfee
Artemis!EBAF42EE1C05
5600.6371

MicroWorld eScan
Gen:Application.Imonetize.2
17.0.0.492

NANO AntiVirus
Riskware.Win32.Amonetize.dpwprx
0.30.26.3947

Panda Antivirus
Trj/Genetic.gen
16.06.12.12

Qihoo 360 Security
HEUR/QVM19.1.Malware.Gen
1.0.0.1015

Quick Heal
AdWare.Amonetize.g6 (Not a Virus)
6.16.14.00

Reason Heuristics
Adware.Amonetize.ET (M)
16.6.12.0

Sophos
Generic PUA AE (PUA)
4.98

SUPERAntiSpyware
PUP.Amonetize/Variant
9087

Total Defense
Win32/Tnega.PbGaEYC
37.1.62.1

Vba32 AntiVirus
AdWare.Amonetize
3.12.26.4

VIPRE Antivirus
Trojan.Win32.Generic
44838

ViRobot
Trojan.Win32.A.Badur.1279488.U[h]
2014.3.20.0

Zillya! Antivirus
Adware.Amonetize.Win32.3110
2.0.0.2476

File size:
1.2 MB (1,279,488 bytes)

Product version:
1.1.5.90

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\installer25__7934_il46455.exe

File PE Metadata
Compilation timestamp:
3/22/2015 6:01:21 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:MFPHD2rtWjSELXZrNPx7DPZgL03g7oeqGO5RvK4JVs6WPaIu:WPHDq/ELXjlDPKNqVLlbI

Entry address:
0x249177

Entry point:
EB, 08, 63, CF, 10, 00, 00, 00, 00, 00, E9, 42, 06, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, C0, 2A, 47, 00, E0, 91, 64, 00, F2, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 5A, AF, 02, 00, 64, B0, 02, 00, 00, C6, 02, 00, 70, 4D, 03, 00, B0, 9B, 04, 00, B2, 58, 05...
 
[+]

Code size:
1.1 MB (1,132,032 bytes)

The file installer25__7934_il46455.exe has been seen being distributed by the following URL.

http://downloadmee.com/download.php?id=pawelPP&title=flashplayer

Remove installer25__7934_il46455.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.