installer27__7934_il13539.exe

The application installer27__7934_il13539.exe has been detected as a potentially unwanted program by 18 anti-malware scanners. This is a setup program which is used to install the application. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from v4download.com.
Version:
1.1.5.90

MD5:
f7fbfeb210cb7d2b83e2f9d3fb32887a

SHA-1:
f81447f5043981489e3085cbf6d7f8522c7efe51

SHA-256:
f22ba65949e6295fde1156d43e975d5e3880aff41505dea7657508e07582feec

Scanner detections:
18 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 1:24:57 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Kazy.557603
254

AhnLab V3 Security
PUP/Win32.Amonetiz
2015.03.08

Avira AntiVirus
ADWARE/Adware.Gen2
7.11.214.146

Baidu Antivirus
PUA.Win32.Amonetize
4.0.3.16526

Bitdefender
Gen:Variant.Kazy.557603
1.0.20.735

Bkav FE
W32.HfsAdware
1.3.0.6379

Emsisoft Anti-Malware
Gen:Variant.Kazy.557603
8.16.05.26.04

ESET NOD32
Win32/Amonetize.EA potentially unwanted (variant)
10.11284

F-Secure
Gen:Variant.Kazy.557603
11.2016-26-05_5

G Data
Gen:Variant.Kazy.557603
16.5.25

Kaspersky
not-a-virus:HEUR:AdWare.Win32.Generic
14.0.0.154

Malwarebytes
PUP.Optional.Amonetize
v2016.05.26.04

MicroWorld eScan
Gen:Variant.Kazy.557603
17.0.0.441

Panda Antivirus
Generic Suspicious
16.05.26.04

Qihoo 360 Security
HEUR/QVM16.0.Malware.Gen
1.0.0.1015

Quick Heal
(Suspicious) - DNAScan
5.16.14.00

Reason Heuristics
Adware.Amonetize.ET (M)
16.5.26.4

Trend Micro House Call
TROJ_GEN.R0C1H07C715
7.2.147

File size:
657.5 KB (673,280 bytes)

Product version:
1.1.5.90

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\installer27__7934_il13539.exe

File PE Metadata
Compilation timestamp:
3/3/2015 11:01:10 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:qk0qgNiaqvI99knmVwBudDs9qwwK5lTayPUxRwmVHEC311C7V7+m8F:r0qgcNvsImfs9qbK5lZcRNHEC3/aIpF

Entry address:
0x102FF4

Entry point:
68, 68, CE, 8F, E5, 60, C7, 44, 24, 20, 31, 25, 4C, 17, E8, F1, 52, 00, 00, 30, 5D, 46, FF, 95, 0A, B2, CA, 2C, D9, C7, E5, 8D, 3A, 6E, A7, 6D, 86, AF, 74, 39, E8, 4D, F8, ED, F0, 44, 41, 87, B0, B5, A9, 63, 80, F2, 3F, 90, 1D, 6F, 0C, 85, F0, 45, C2, B0, B9, 3F, C1, A5, 59, A0, 30, 52, D4, AA, DE, 26, 9A, 51, 25, C9, 02, 46, C0, C4, 5A, CA, 48, 2A, 3B, D4, FD, FE, B7, 74, 58, 51, A5, 96, E8, 1A, B2, 0F, DD, 26, 0A, 24, 92, 35, AA, 16, CF, 27, D5, 1D, 63, FD, CE, 14, 02, 84, 60, D1, F7, F8, 55, 52, C3, 30...
 
[+]

Code size:
352.5 KB (360,960 bytes)

The file installer27__7934_il13539.exe has been seen being distributed by the following URL.

Remove installer27__7934_il13539.exe - Powered by Reason Core Security