inventor2014cv105__5542_il2012241_2.exe

Amonetize ltd.

This is the Amonetize download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application inventor2014cv105__5542_il2012241_2.exe by Amonetize ltd has been detected as adware by 38 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. According to AVG, this software downloads additional adware offers during setup. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from www.supremedownload.com and multiple other hosts.
Publisher:
Amonetize ltd.  (signed and verified)

Version:
1.1.5.26

MD5:
b4de3ab5f4bb09bb1fb1d5656c8bc388

SHA-1:
80d9941f32f0694bb42a36222e43202f27018b85

SHA-256:
06c088503b97b7ad935383a8029286f9aee5ca32713b35d4f780197381e71f36

Scanner detections:
38 / 68

Status:
Adware

Explanation:
This setup file is a re-distribution of the original program that bundles various adware offers during installation including toolbars and browser search extensions.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
1/15/2025 9:25:05 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Win32.Virtob.Gen.12
867

Agnitum Outpost
PUA.Amonetize
7.1.1

AhnLab V3 Security
PUP/Win32.Amonetize
2014.09.20

Avira AntiVirus
ADWARE/Adware.Gen
7.11.173.110

avast!
Win32:Vitro
2014.9-140921

AVG
Downloader.Generic14
2015.0.3346

Baidu Antivirus
Adware.Win32.Amonetize
4.0.3.14919

Bitdefender
Win32.Virtob.Gen.12
1.0.20.1320

Bkav FE
W32.Vetor.PE
1.3.0.4959

Dr.Web
Adware.Downware.8564
9.0.1.0262

Emsisoft Anti-Malware
Win32.Virtob.Gen.12
8.14.09.21.10

ESET NOD32
Win32/Amonetize.BO (variant)
8.10443

Fortinet FortiGate
W32/FakeAV.RQ!tr
9/21/2014

F-Prot
W32/Virut.E.gen
v6.4.6.5.141

F-Secure
Win32.Virtob.Gen.12
11.2014-21-09_1

G Data
Win32.Virtob.Gen.12
14.9.24

K7 AntiVirus
Virus
13.183.13393

Kaspersky
Virus.Win32.Virut
14.0.0.3218

Malwarebytes
PUP.Optional.Amonetize
v2014.09.19.03

McAfee
Artemis!B4DE3AB5F4BB
5600.7002

Microsoft Security Essentials
Threat.Undefined
1.185.155.0

MicroWorld eScan
Win32.Virtob.Gen.12
15.0.0.792

NANO AntiVirus
Riskware.Win32.Amonetize.dffaha
0.28.2.62151

Norman
Virut.HL
11.20140921

nProtect
Virus/W32.Virut.Gen
14.09.17.01

Panda Antivirus
W32/Sality.AO
14.09.21.10

Qihoo 360 Security
Win32/Trojan.Adware.37e
1.0.0.1015

Quick Heal
W32.Virut.G
9.14.14.00

Reason Heuristics
PUP.Installer.Amonetizeltd.d
14.9.19.15

Rising Antivirus
PE:Win32.Virut.cx!1553679
23.00.65.14919

Sophos
Generic PUA IA
4.98

Total Defense
Win32/Virut.17408
37.0.11184

Trend Micro House Call
PE_VIRUX.S-3
7.2.264

Trend Micro
PE_VIRUX.S-3
10.465.21

Vba32 AntiVirus
Virus.Virut.14
3.12.26.3

VIPRE Antivirus
Amonetize
33264

ViRobot
Win32.Virut.AM
2011.4.7.4223

Zillya! Antivirus
Virus.Virut.Win32.1939
2.0.0.1925

File size:
404.3 KB (413,984 bytes)

Product version:
1.1.5.26

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\inventor2014cv105__5542_il2012241_2.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
9/16/2014 8:00:00 AM

Valid to:
11/16/2015 7:59:59 AM

Subject:
CN=Amonetize ltd., OU=Amonetize ltd., O=Amonetize ltd., L=Raanana, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4552F20FB38C60DF270F59C4A71B833F

File PE Metadata
Compilation timestamp:
9/10/2014 10:59:43 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:ea5Mqqub6lskGCEurlTA2xhDUyLdbP4H91Pc5ez8lAOrTWl3wggEiGA20:vMqp6ikqgRpxhy9UehOnmwPGAp

Entry address:
0x17610

Entry point:
E8, 8B, 84, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 3D, 94, AF, 3C, 00, 00, 75, 18, E8, A9, 7D, 00, 00, 6A, 1E, E8, F3, 7B, 00, 00, 68, FF, 00, 00, 00, E8, C3, F4, FF, FF, 59, 59, 8B, 45, 08, 85, C0, 75, 01, 40, 50, 6A, 00, FF, 35, 94, AF, 3C, 00, FF, 15, 60, 21, 3C, 00, 5D, C3, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 94, AF, 3C, 00, 00, 75, 18, E8, 5F, 7D, 00, 00, 6A, 1E, E8, A9, 7B, 00, 00, 68, FF, 00, 00, 00, E8, 79, F4, FF, FF, 59, 59, 85, DB, 74, 04, 8B, C3...
 
[+]

Entropy:
7.2780

Code size:
192.5 KB (197,120 bytes)

The file inventor2014cv105__5542_il2012241_2.exe has been seen being distributed by the following 2 URLs.

Remove inventor2014cv105__5542_il2012241_2.exe - Powered by Reason Core Security