installeraxp__7934_il106790.exe

The application installeraxp__7934_il106790.exe has been detected as a potentially unwanted program by 28 anti-malware scanners. This is a setup program which is used to install the application. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.

Version:
1.1.5.90

MD5:
6776ed0285b24857b3b846c16b3d6245

SHA-1:
67da6f039952abc3685c048de0ccd65ecbba4c7b

SHA-256:
c5638bb054bf77393f47aa893e2ebfaf9d846baafdc568ad624b32f44dd8dd81

Scanner detections:
28 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 10:26:17 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Kazy.557603 | 589 |
| Agnitum Outpost | PUA.Amonetize | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Amonetiz | 2015.03.02 |
| Avira AntiVirus | ADWARE/Adware.Gen2 | 7.11.213.4 |
| avast! | Win32:Dropper-gen [Drp] | 2014.9-150625 |
| Baidu Antivirus | Adware.Win32.Amonetize | 4.0.3.15625 |
| Bitdefender | Gen:Variant.Kazy.557603 | 1.0.20.880 |
| Bkav FE | HW32.Packed | 1.3.0.6379 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.557603 | 8.15.06.25.02 |
| ESET NOD32 | Win32/Amonetize.EA potentially unwanted (variant) | 9.11251 |
| Fortinet FortiGate | Adware/Amonetize | 6/25/2015 |
| F-Secure | Gen:Variant.Kazy.557603 | 11.2015-25-06_5 |
| G Data | Gen:Variant.Kazy.557603 | 15.6.25 |
| IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.8.6.0 |
| K7 AntiVirus | Riskware | 13.1915120 |
| Kaspersky | not-a-virus:AdWare.Win32.Amonetize | 14.0.0.1832 |
| Malwarebytes | PUP.Optional.Amonetize | v2015.06.25.02 |
| McAfee | Artemis!6776ED0285B2 | 5600.6723 |
| MicroWorld eScan | Gen:Variant.Kazy.557603 | 16.0.0.528 |
| NANO AntiVirus | Riskware.Win32.Amonetize.domexk | 0.30.0.296 |
| Qihoo 360 Security | Win32/Trojan.f79 | 1.0.0.1015 |
| Quick Heal | (Suspicious) - DNAScan | 6.15.14.00 |
| Sophos | Generic PUA GH | 4.98 |
| SUPERAntiSpyware | Adware.Amonetize/Variant | 9792 |
| Trend Micro House Call | TROJ_GEN.R021C0EBM15 | 7.2.176 |
| Trend Micro | TROJ_GEN.R021C0EBM15 | 10.465.25 |
| VIPRE Antivirus | Trojan.Win32.Generic | 38018 |
| Zillya! Antivirus | Adware.Amonetize.Win32.2368 | 2.0.0.2085 |

File size:
641.6 KB (656,968 bytes)

Product version:
1.1.5.90

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\installeraxp__7934_il106790.exe

File PE Metadata
Compilation timestamp:
2/13/2015 3:33:21 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:D7DpaXOfiRfOoVL3NwR1FCbUKJMIvc/aEZFRXYJoQmy/nalJDt1C7V7+m8j:D718OfSnBdw7FEMU8ac3oaQ/yJD3aIpj

Entry address:
0xEB467

Entry point:
9C, E8, A4, 94, 00, 00, E8, 24, 60, 04, 00, 28, E0, 99, EE, EB, 63, F8, E0, 6B, D8, D8, 25, EB, 9F, FC, 28, A5, D1, FE, 04, 05, 5A, 4F, 80, 9D, F2, E7, 1F, F0, 01, 4E, 66, 5F, D0, FD, 07, 7C, E6, 7B, BA, 97, B2, BA, 4F, 6A, 52, 93, 39, DE, 78, 8F, 11, 76, E3, B9, D8, 50, A9, 40, 26, 76, C3, 6D, 51, 5E, 93, 54, E7, 74, 36, 0B, 1B, E0, 3F, D0, 31, 22, 35, 6D, CE, 29, FC, D5, 0A, DB, 5C, ED, 57, 18, 3B, AF, 20, C2, CA, 6F, 45, 28, A7, C1, D0, 8D, 72, 9F, 41, 4D, D8, B4, DD, 32, 0F, 25, 9E, 1E, B4, F4, 0F, 73...

Entropy:
7.8637  (probably packed)

Code size:
410.5 KB (420,352 bytes)

The file installeraxp__7934_il106790.exe has been seen being distributed by the following 2 URLs.

q=http://bit.ly/13UJ2Jx&redir_token=PydwAv6Auc3uH61uNGmG3hVGcWx8MTQyMzkzMjAyM0AxNDIzODQ1NjIz