iwantthis.exe

I Want This

215 Apps

This is the installer for a 50onRed advertising-supported software package, which displays ads in the browser and may hijack the browser's home and search pages. The application iwantthis.exe, “I Want This Installer” by 215 Apps, has been detected as adware by 30 anti-malware scanners. The program is a setup application built with the Nullsoft Install System installer. The browser add-on it installs displays additional advertisements in the user's browser, including pop-ups, banners, contextual hyperlinks and affiliate links.
Publisher:
215 Apps  (signed and verified)

Product:
I Want This

Description:
I Want This Installer

Version:
1.14.149.149

MD5:
b62ac846db5f7e392a0c6b73ee786e08

SHA-1:
dfd09ce6db5a5554b76a38bac8809b4c9d1c5c47

SHA-256:
7a44c9f6596da81fc67910c7ba2c959bc2672b7f6b4a217a45eab391c4ca9a5a

Scanner detections:
30 / 68

Status:
Adware

Explanation:
Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:
11/8/2024 6:44:21 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Adware.Plush.2 | 856 |
| Agnitum Outpost | PUA.Toolbar.CrossRider | 7.1.1 |
| Avira AntiVirus | Adware/Agent.494424.26 | 7.11.173.16 |
| AVG | SmartShopper.K | 2015.0.3334 |
| Baidu Antivirus | Adware.Win32.CrossRider | 4.0.3.14102 |
| Bitdefender | Gen:Variant.Adware.Plush.2 | 1.0.20.1375 |
| Bkav FE | HW32.Paked | 1.3.0.4959 |
| Comodo Security | UnclassifiedMalware | 19546 |
| Dr.Web | Adware.GamePlayLabs.17 | 9.0.1.0275 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Plush | 8.14.10.02.12 |
| ESET NOD32 | Win32/Toolbar.CrossRider (variant) | 8.10434 |
| Fortinet FortiGate | W32/Toolbar.CROSSRIDER | 10/2/2014 |
| F-Prot | W32/GamePlay.D.gen | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Adware.Plush.2 | 11.2014-02-10_5 |
| G Data | Gen:Variant.Adware.Plush | 14.10.24 |
| IKARUS anti.virus | AdWare.SuspectCRC | t3scan.1.7.8.0 |
| K7 AntiVirus | Trojan | 13.183.13407 |
| Malwarebytes | PUP.Optional.IWantThis.A | v2014.10.02.12 |
| McAfee | Artemis!B62AC846DB5F | 5600.6990 |
| MicroWorld eScan | Gen:Variant.Adware.Plush.2 | 15.0.0.825 |
| NANO AntiVirus | Trojan.Win32.Generic.deinni | 0.28.2.62151 |
| Qihoo 360 Security | Win32/Virus.Adware.7e8 | 1.0.0.1015 |
| Quick Heal | Adware.Crossid (Not a Virus) | 10.14.14.00 |
| Reason Heuristics | PUP.Installer.215Apps.J | 14.10.2.0 |
| Rising Antivirus | NS:PUF.SilenceInstaller!1.9DDF | 23.00.65.14930 |
| Sophos | AppRider | 4.98 |
| Trend Micro House Call | TROJ_GE.7162B978 | 7.2.275 |
| Trend Micro | TROJ_GE.7162B978 | 10.465.02 |
| Vba32 AntiVirus | TrojanDownloader.LilyJade.a | 3.12.16.4 |
| VIPRE Antivirus | GamePlayLabs | 33214 |

File size:
1.9 MB (1,998,424 bytes)

Copyright:
Copyright 215 Apps

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\users\{user}\downloads\iwantthis.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
10/24/2011 5:00:00 PM

Valid to:
10/24/2012 4:59:59 PM

Subject:
CN=215 Apps, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=215 Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4D064A782BC23A29CC9B8499A9F4AFB4

File PE Metadata
Compilation timestamp:
1/5/2010 4:09:27 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
49152:/AtezkdYt+6Hs1CRCIG1LxcsN/exbpLH5Cfizr324Huy5s1CRCt+63:YUzIYQz1CR9G1Lxd/ephZ9zrNHuj1CRo

Entry address:
0x3E13

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, E8, 98, 52, 00, 00, C7, 04, 24, 01, 80, 00, 00, E8, 3C, 4F, 00, 00, 53, C7, 04, 24, 00, 00, 00, 00, E8, A7, 52, 00, 00, A3, 48, 5C, 42, 00, 51, C7, 04, 24, 08, 00, 00, 00, E8, 27, 32, 00, 00, A3, F8, 5C, 42, 00, 8D, 85, 84, FE, FF, FF, 52, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 4C, B2, 40, 00, E8, D1, 51, 00, 00, 83, EC, 14, C7, 44, 24, 04, 4D, B2, 40, 00, C7, 04, 24, 28, 5D...
Entropy:
7.9930  (probably packed)

Code size:
32.5 KB (33,280 bytes)

The file iwantthis.exe has been seen being distributed by the following 9 URLs.

http://cdn.bigrewardstoday.com/50onred/.../IWantThis.exe

http://cdn.snapdailydeals.net/50onred/.../IWantThis.exe

http://cdn.get-goodies.com/50onred/.../IWantThis.exe

http://cdn.spring-specials.com/50onred/.../IWantThis.exe