installer29__7934_il22258.exe

The application installer29__7934_il22258.exe has been detected as a potentially unwanted program by 15 anti-malware scanners. It is a setup program used to install the application. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are based on the PC's geo-location at the time of install. The file has been seen being downloaded from doc-0o-74-docs.googleusercontent.com and multiple other hosts.
Version:
1.1.5.90

MD5:
4bd1fcbddf74df979343906b67e411ae

SHA-1:
5968bea98dc18f79e0392b6565d09b6f374e587b

SHA-256:
064f50b4189c13c72da295e3ca9b0698a8b71ae47db704a78fc118dbdb5e8a49

Scanner detections:
15 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 5:27:13 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Adware.Kazy.556217 | 712
AhnLab V3 Security | PUP/Win32.Amonetiz | 2015.02.22
Avira AntiVirus | ADWARE/Adware.Gen2 | 7.11.211.248
Bitdefender | Gen:Variant.Adware.Kazy.556217 | 1.0.20.265
Bkav FE | HW32.Packed | 1.3.0.6379
Emsisoft Anti-Malware | Gen:Variant.Adware.Kazy.556217 | 8.15.02.22.05
F-Secure | Gen:Variant.Adware.Kazy.556217 | 11.2015-22-02_1
G Data | Gen:Variant.Adware.Kazy.556217 | 15.2.25
IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.8.6.0
Kaspersky | not-a-virus:AdWare.Win32.Amonetize | 14.0.0.2446
McAfee | Artemis!4BD1FCBDDF74 | 5600.6846
MicroWorld eScan | Gen:Variant.Adware.Kazy.556217 | 16.0.0.159
Qihoo 360 Security | Win32/Trojan.f79 | 1.0.0.1015
Quick Heal | (Suspicious) - DNAScan | 2.15.14.00
Trend Micro House Call | TROJ_GEN.R02SH09BK15 | 7.2.53

File size:
647.5 KB (663,040 bytes)

Product version:
1.1.5.90

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\installer29__7934_il22258.exe

File PE Metadata
Compilation timestamp:
2/20/2015 9:04:09 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:6BXdzmWRFmWkBZ9i+yzg9YCqAuLOiWvnphbjex7wprT1gpZG/t1C7V7+m8oq:6BtiWvkjyE9knO9P2xcpneC/3aIp7

Entry address:
0xF2FD8

Entry point:
E8, 8D, 17, 04, 00, E9, E8, 02, 04, 00, 60, A3, 55, 9E, 97, 85, 7D, 70, C3, C7, 10, 9D, C4, AC, 54, C4, C9, F3, 03, 35, CA, 0B, F8, 1A, EE, 3B, 30, 2F, D4, CA, 75, 8E, 39, 86, 7D, 72, CD, 34, 2C, 69, F6, 08, 04, 19, 3C, B5, 15, 5E, A0, D6, BA, 12, C7, 27, DB, B1, E2, 9B, 99, 15, 6F, 8F, 13, FF, C7, 2C, 7F, C2, 3E, 1F, 69, A6, 6C, 26, C1, C3, C8, 37, C0, C1, D4, 2D, E1, 17, E9, 1B, 14, B0, 48, 47, A5, B5, 13, CF, A5, DE, 4F, C2, 30, 15, 36, 20, 8C, 61, E7, 5F, A6, BC, 26, 36, 1A, F4, F9, CA, EC, 32, 5B, 55...

Code size:
349.5 KB (357,888 bytes)

The file installer29__7934_il22258.exe has been seen being distributed by the following 7 URLs.

Remove installer29__7934_il22258.exe - Powered by Reason Core Security