installer42__7934_il31602.exe

The application installer42__7934_il31602.exe has been detected as a potentially unwanted program by 25 anti-malware scanners. This is a setup program which is used to install the application. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from downloadmee.com.

Version: 1.1.5.90
MD5: 84e74b5d22f3fa313b3bb2e9c80bab87
SHA-1: 873cc67e847a6ff8611682e06245c88f1161a59c
SHA-256: c2454408ea9d27855f5d175ae5470b9cab2b808fbdd5a147327e290a1f1d9117
Scanner detections: 25 / 68
Status: Potentially unwanted
Analysis date: 11/5/2024 10:15:38 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Kazy.572610 | 345 |
| Agnitum Outpost | PUA.Amonetize | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Amonetiz | 2015.04.19 |
| Avira AntiVirus | TR/Crypt.XPACK.Gen3 | 3.6.1.96 |
| avast! | Win32:Dropper-gen [Drp] | 2014.9-160224 |
| Baidu Antivirus | PUA.Win32.Amonetize | 4.0.3.16224 |
| Bitdefender | Gen:Variant.Kazy.572610 | 1.0.20.275 |
| Bkav FE | HW32.Packed | 1.3.0.6379 |
| Comodo Security | UnclassifiedMalware | 21811 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.572610 | 8.16.02.24.12 |
| ESET NOD32 | Win32/Amonetize.EA potentially unwanted (variant) | 10.11494 |
| Fortinet FortiGate | Riskware/Amonetize | 2/24/2016 |
| F-Secure | Gen:Variant.Kazy.572610 | 11.2016-24-02_4 |
| G Data | Gen:Variant.Kazy.572610 | 16.2.25 |
| K7 AntiVirus | Trojan | 13.202.15640 |
| Kaspersky | not-a-virus:AdWare.Win32.Amonetize | 14.0.0.612 |
| Malwarebytes | PUP.Optional.Amonetize | v2016.02.24.12 |
| MicroWorld eScan | Gen:Variant.Kazy.572610 | 17.0.0.165 |
| NANO AntiVirus | Riskware.Win32.Amonetize.dpklnh | 0.30.16.1110 |
| Panda Antivirus | Generic Suspicious | 16.02.24.12 |
| Qihoo 360 Security | HEUR/QVM19.1.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Amonetize (M) | 16.2.24.12 |
| Sophos | Generic PUA IH | 4.98 |
| Trend Micro House Call | TROJ_GEN.R021C0ECM15 | 7.2.55 |
| Trend Micro | TROJ_GEN.R021C0ECM15 | 10.465.24 |

File size: 1.3 MB (1,393,664 bytes)
Product version: 1.1.5.90
Original file name: setup.exe
File type: Executable application (Win32 EXE)
Language: English (United States)
Common path: C:\users\{user}\downloads\installer42__7934_il31602.exe

File PE Metadata

Compilation timestamp: 3/16/2015 12:01:13 PM
OS version: 5.1
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 10.0
CTPH (ssdeep): 24576:nYPSQ/2sg7j88mkNa7/oLIJ2JC7durfZbKt5aIp:zRsOB9a0LASZfBI
Entry address: 0x29AC15

Entry point:
EB, 08, 57, 1F, 01, 00, 00, 00, 00, 00, E9, 3F, AC, F0, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, C0, 2A, 47, 00, 80, AC, 69, 00, F1, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 3A, B5, 02, 00, 44, B6, 02, 00, E0, CB, 02, 00, 50, 53, 03, 00, 90, A1, 04, 00, 92...

Code size:
1.2 MB (1,241,600 bytes)

The file installer42__7934_il31602.exe has been seen being distributed by the following URL.
