home

iwantthis.exe

I Want This

215 Apps

This is the installer application for a 50onRed advertising supported software package (displays ads in the browser and may hijack the home and search pages of the web browser). The application iwantthis.exe, “I Want This Installer” by 215 Apps has been detected as adware by 29 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. This web browser addon will display additional advertisements in the user's browser including popup, banner, contextual hyperlinks as well as affiliate links.
Publisher:
215 Apps  (signed and verified)

Product:
I Want This

Description:
I Want This Installer

Version:
1.9.146.147

MD5:
5fac702e59d01efe3d912b47af724352

SHA-1:
6399be48cba5bc05267d740123b31b59e0263ff7

SHA-256:
affeaa366ab250a3408bd8a7f68b69836cb94b108db48686f1c9129ad2dcd682

Scanner detections:
29 / 68

Status:
Adware

Explanation:
Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:
11/27/2024 3:33:53 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Generic.625070
985

Agnitum Outpost
PUA.Toolbar.CrossRider
7.1.1

Avira AntiVirus
ADSPY/Bho.GamePl.BB
7.11.25.200

AVG
SmartShopper.K
2015.0.3463

Baidu Antivirus
Adware.Win32.CrossRider
4.0.3.14525

Bitdefender
Adware.Generic.625070
1.0.20.725

Bkav FE
HW32.CDB
1.3.0.4613

Boost by Reason
Optional.215Apps.J
188838

Comodo Security
UnclassifiedMalware
11859

Dr.Web
Adware.GamePlayLabs.17
9.0.1.0145

Emsisoft Anti-Malware
Adware.Generic.625070
8.14.05.25.01

ESET NOD32
Win32/Toolbar.CrossRider (variant)
8.9276

Fortinet FortiGate
W32/Toolbar.CROSSRIDER
5/25/2014

F-Prot
W32/GamePlay.D.gen
v6.4.7.1.166

F-Secure
Adware.Generic.625070
11.2014-25-05_1

G Data
Adware.Generic.625070
14.5.22

IKARUS anti.virus
Application.GamePlayLabs
t3scan.2.2.29

K7 AntiVirus
Adware
13.175.10807

Malwarebytes
Adware.GamePlayLabs
v2014.05.25.01

McAfee
Artemis!6CDB19DD7D12
5600.7119

MicroWorld eScan
Adware.Generic.625070
15.0.0.435

Quick Heal
Adware.Crossid (Not a Virus)
5.14.12.00

Reason Heuristics
PUP.Installer.215Apps.J
14.8.7.17

Rising Antivirus
NS:PUF.SilenceInstaller!1.9DDF
23.00.65.14523

Sophos
AppRider
4.96

Trend Micro House Call
TROJ_SPNR.0CLH12
7.2.145

Trend Micro
TROJ_SPNR.0CLH12
10.465.25

Vba32 AntiVirus
TrojanDownloader.LilyJade.a
3.12.16.4

VIPRE Antivirus
GamePlayLabs
25294

File size:
1.9 MB (2,010,840 bytes)

Copyright:
Copyright 215 Apps

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\users\{user}\downloads\iwantthis.exe

Digital Signature
Signed by:
215 Apps

Authority:
VeriSign, Inc.

Valid from:
10/24/2011 8:00:00 PM

Valid to:
10/24/2012 7:59:59 PM

Subject:
CN=215 Apps, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=215 Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4D064A782BC23A29CC9B8499A9F4AFB4

File PE Metadata
Compilation timestamp:
1/5/2010 7:09:27 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
49152:P8tkjzkdYt+6BBE5TNOG1LxcsN/exbpLH5CfizjnsH7NYVJysE5T5t+66:0WjzIYQMO0G1Lxd/ephZ9zjnrzDO5Q3

Entry address:
0x3E13

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, E8, 98, 52, 00, 00, C7, 04, 24, 01, 80, 00, 00, E8, 3C, 4F, 00, 00, 53, C7, 04, 24, 00, 00, 00, 00, E8, A7, 52, 00, 00, A3, 48, 5C, 42, 00, 51, C7, 04, 24, 08, 00, 00, 00, E8, 27, 32, 00, 00, A3, F8, 5C, 42, 00, 8D, 85, 84, FE, FF, FF, 52, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 4C, B2, 40, 00, E8, D1, 51, 00, 00, 83, EC, 14, C7, 44, 24, 04, 4D, B2, 40, 00, C7, 04, 24, 28, 5D...
 
[+]

Entropy:
7.9931  (probably packed)

Code size:
32.5 KB (33,280 bytes)

The file iwantthis.exe has been seen being distributed by the following 2 URLs.

http://cdn.unitraveloffers.com/50onred/us/.../IWantThis.exe

http://cdn.freegiftshipping.com/50onred/us/.../IWantThis.exe

Remove iwantthis.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.