Installeriun__7934_il106790.exe

The application Installeriun__7934_il106790.exe has been detected as a potentially unwanted program by 25 anti-malware scanners. This is a setup program which is used to install the application. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from www.v4download.com.
Version:
1.1.5.90

MD5:
c8a27d005f339f25978fe920f83e4095

SHA-1:
5dbdf4c8c43809ae072580c27987a9562b217c31

SHA-256:
03a61ab95b46e35d84ea05fbe349abb8596c394ec7f08da1aae26c52b66b0f06

Scanner detections:
25 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 4:08:33 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Kazy.556217
679

Agnitum Outpost
PUA.Amonetize
7.1.1

AhnLab V3 Security
PUP/Win32.Amonetiz
2015.03.26

Avira AntiVirus
ADWARE/Adware.Gen2
3.6.1.96

avast!
Win32:Dropper-gen [Drp]
2014.9-150328

Baidu Antivirus
PUA.Win32.Amonetize
4.0.3.15328

Bitdefender
Gen:Variant.Adware.Kazy.556217
1.0.20.435

Bkav FE
W32.HfsAdware
1.3.0.6379

Emsisoft Anti-Malware
Gen:Variant.Adware.Kazy.556217
8.15.03.28.04

Fortinet FortiGate
Adware/Amonetize
3/28/2015

F-Prot
W32/Amonetize.D.gen
v6.4.7.1.166

G Data
Gen:Variant.Adware.Kazy.556217
15.3.25

IKARUS anti.virus
Win32.SuspectCrc
t3scan.1.8.6.0

K7 AntiVirus
Riskware
13.202.15381

Kaspersky
not-a-virus:AdWare.Win32.Amonetize
14.0.0.2279

Malwarebytes
PUP.Optional.Amonetize
v2015.03.28.04

McAfee
RDN/Generic PUP.z!ff
5600.6813

MicroWorld eScan
Gen:Variant.Adware.Kazy.556217
16.0.0.261

NANO AntiVirus
Riskware.Win32.Amonetize.dolzah
0.30.8.659

Qihoo 360 Security
Win32/Trojan.f79
1.0.0.1015

Quick Heal
(Suspicious) - DNAScan
3.15.14.00

Trend Micro House Call
TROJ_SPNR.08BH15
7.2.87

Trend Micro
TROJ_SPNR.08BH15
10.465.28

Vba32 AntiVirus
AdWare.Amonetize
3.12.26.3

VIPRE Antivirus
Trojan.Win32.Generic
38844

File size:
642.6 KB (657,992 bytes)

Product version:
1.1.5.90

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\installeriun__7934_il106790.exe

File PE Metadata
Compilation timestamp:
2/15/2015 6:03:20 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:+DqFXX+c4nvxY1ZDwc/guLk1RlZSE5DxzR3n1C7V7+m8t:+DqpXW+/f2/51931aIpt

Entry address:
0x1334A1

Entry point:
60, E8, 64, B8, F8, FF, 8D, 64, 24, 28, 0F, 84, E4, EC, FB, FF, F6, D1, F9, F7, D1, 01, C2, 66, C1, C1, 0F, 8B, 4E, 7C, 66, 0F, A3, D6, E9, 3C, F7, FF, FF, 00, 00, 4C, 6F, 61, 64, 4C, 69, 62, 72, 61, 72, 79, 41, 00, B1, AF, DD, 6F, D3, E6, 6B, A1, 43, 1E, E3, 86, 28, 0B, 98, BC, 5F, B0, D6, BA, E8, E5, 5B, C2, 69, A3, E4, BB, AA, DD, 62, FE, 80, 06, 6E, 4D, 3A, 14, 74, BA, BE, 43, B9, 48, D6, 28, 2B, 29, 61, 14, 68, B0, 60, EE, 89, 40, 83, 95, C0, 28, CF, 4F, EA, 8D, 01, D9, 30, 18, 6A, FC, F2, 2D, 27, 51...
 
[+]

Packer / compiler:
ASPack v1.08.04

Code size:
409 KB (418,816 bytes)

The file Installeriun__7934_il106790.exe has been seen being distributed by the following URL.

Remove Installeriun__7934_il106790.exe - Powered by Reason Core Security