» iwantthis.exe
Overview
Analysis
File Details
Downloads (9)

iwantthis.exe

I Want This

215 Apps

This is the installer application for a 50onRed advertising supported software package (displays ads in the browser and may hijack the home and search pages of the web browser). The application iwantthis.exe, “I Want This Installer” by 215 Apps has been detected as adware by 30 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. This web browser addon will display additional advertisements in the user's browser including popup, banner, contextual hyperlinks as well as affiliate links.

File name:

iwantthis.exe

Publisher:

215 Apps (signed and verified)

Product:

I Want This

Description:

I Want This Installer

Version:

1.14.149.149

MD5:

b62ac846db5f7e392a0c6b73ee786e08

SHA-1:

dfd09ce6db5a5554b76a38bac8809b4c9d1c5c47

SHA-256:

7a44c9f6596da81fc67910c7ba2c959bc2672b7f6b4a217a45eab391c4ca9a5a

Scanner detections:

30 / 68

Status:

Adware

Explanation:

Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:

11/26/2024 2:57:37 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.Plush.2

856

Agnitum Outpost

PUA.Toolbar.CrossRider

7.1.1

Avira AntiVirus

Adware/Agent.494424.26

7.11.173.16

AVG

SmartShopper.K

2015.0.3334

Baidu Antivirus

Adware.Win32.CrossRider

4.0.3.14102

Bitdefender

Gen:Variant.Adware.Plush.2

1.0.20.1375

Bkav FE

HW32.Paked

1.3.0.4959

Comodo Security

UnclassifiedMalware

19546

Dr.Web

Adware.GamePlayLabs.17

9.0.1.0275

Emsisoft Anti-Malware

Gen:Variant.Adware.Plush

8.14.10.02.12

ESET NOD32

Win32/Toolbar.CrossRider (variant)

8.10434

Fortinet FortiGate

W32/Toolbar.CROSSRIDER

10/2/2014

F-Prot

W32/GamePlay.D.gen

v6.4.7.1.166

F-Secure

Gen:Variant.Adware.Plush.2

11.2014-02-10_5

G Data

Gen:Variant.Adware.Plush

14.10.24

IKARUS anti.virus

AdWare.SuspectCRC

t3scan.1.7.8.0

K7 AntiVirus

Trojan

13.183.13407

Malwarebytes

PUP.Optional.IWantThis.A

v2014.10.02.12

McAfee

Artemis!B62AC846DB5F

5600.6990

MicroWorld eScan

Gen:Variant.Adware.Plush.2

15.0.0.825

NANO AntiVirus

Trojan.Win32.Generic.deinni

0.28.2.62151

Qihoo 360 Security

Win32/Virus.Adware.7e8

1.0.0.1015

Quick Heal

Adware.Crossid (Not a Virus)

10.14.14.00

Reason Heuristics

PUP.Installer.215Apps.J

14.10.2.0

Rising Antivirus

NS:PUF.SilenceInstaller!1.9DDF

23.00.65.14930

Sophos

AppRider

4.98

Trend Micro House Call

TROJ_GE.7162B978

7.2.275

Trend Micro

TROJ_GE.7162B978

10.465.02

Vba32 AntiVirus

TrojanDownloader.LilyJade.a

3.12.16.4

VIPRE Antivirus

GamePlayLabs

33214

File size:

1.9 MB (1,998,424 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Nullsoft Install System

Language:

English (United States)

Common path:

C:\users\{user}\downloads\iwantthis.exe

Digital Signature

Signed by:

215 Apps

Authority:

VeriSign, Inc.

Valid from:

10/24/2011 5:00:00 PM

Valid to:

10/24/2012 4:59:59 PM

Subject:

CN=215 Apps, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=215 Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

4D064A782BC23A29CC9B8499A9F4AFB4

File PE Metadata

Compilation timestamp:

1/5/2010 4:09:27 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.56

CTPH (ssdeep):

49152:/AtezkdYt+6Hs1CRCIG1LxcsN/exbpLH5Cfizr324Huy5s1CRCt+63:YUzIYQz1CR9G1Lxd/ephZ9zrNHuj1CRo

Entry address:

0x3E13

Entry point:

55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, E8, 98, 52, 00, 00, C7, 04, 24, 01, 80, 00, 00, E8, 3C, 4F, 00, 00, 53, C7, 04, 24, 00, 00, 00, 00, E8, A7, 52, 00, 00, A3, 48, 5C, 42, 00, 51, C7, 04, 24, 08, 00, 00, 00, E8, 27, 32, 00, 00, A3, F8, 5C, 42, 00, 8D, 85, 84, FE, FF, FF, 52, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 4C, B2, 40, 00, E8, D1, 51, 00, 00, 83, EC, 14, C7, 44, 24, 04, 4D, B2, 40, 00, C7, 04, 24, 28, 5D... 
[+]

Entropy:

7.9930 (probably packed)

Code size:

32.5 KB (33,280 bytes)

The file iwantthis.exe has been seen being distributed by the following 9 URLs.

http://cdn.bigrewardstoday.com/50onred/.../IWantThis.exe

http://cdn.snapdailydeals.net/50onred/.../IWantThis.exe

http://cdn.get-goodies.com/50onred/.../IWantThis.exe

http://cdn.spring-specials.com/50onred/.../IWantThis.exe

http://cdn.easy-returns.com/50onred/.../IWantThis.exe

http://cdn.instantgiftpanel.com/50onred/.../IWantThis.exe

http://cdn.jobsathome.cc/50onred/.../IWantThis.exe

http://cdn.logic-boxes.com/50onred/.../IWantThis.exe

http://cdn.grand-offers.net/50onred/.../IWantThis.exe

Remove iwantthis.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.