kur__10482_il1826025.exe

Install Path Ltd

This is the Amonetize download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application kur__10482_il1826025.exe by Install Path has been detected as adware by 20 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:
Install Path Ltd  (signed and verified)

Version:
1.1.5.26

MD5:
c5050e2354940d73565c1b88bf19d0aa

SHA-1:
9514d9a99c2bac1e6c15a0cb2450d51759ac53e4

SHA-256:
e23455bf179296ebce7bd98181b81fff447b3131fa74b50982b3ad2a049a8411

Scanner detections:
20 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/26/2024 11:17:39 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.Amonetize | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Amonetize | 2014.10.13 |
| Avira AntiVirus | ADWARE/Adware.Gen4 | 7.11.177.204 |
| AVG | Generic_r | 2015.0.3317 |
| Baidu Antivirus | Adware.Win32.Amonetize | 4.0.3.141019 |
| Dr.Web | Adware.Downware.8706 | 9.0.1.0292 |
| ESET NOD32 | Win32/Amonetize.BS (variant) | 8.10550 |
| Fortinet FortiGate | Adware/Amonetize | 10/19/2014 |
| F-Prot | W32/A-2cc77b1b | v6.4.7.1.166 |
| G Data | Win32.Adware.Amonetize | 14.10.24 |
| Kaspersky | not-a-virus:AdWare.Win32.Amonetize | 14.0.0.3078 |
| Malwarebytes | PUP.Optional.Amonetize | v2014.10.19.11 |
| McAfee | RDN/Generic PUP.x!c2r | 5600.6973 |
| NANO AntiVirus | Riskware.Win32.Downware.dgibky | 0.28.2.62483 |
| Panda Antivirus | PUP/MultiToolbar.A | 14.10.19.11 |
| Qihoo 360 Security | HEUR/Malware.QVM10.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Installer.InstallPath.U | 14.10.19.11 |
| Sophos | Generic PUA JF | 4.98 |
| Trend Micro House Call | TROJ_GEN.R02SH07JA14 | 7.2.292 |
| Zillya! Antivirus | Adware.Amonetize.Win32.1342 | 2.0.0.1952 |

File size:
391.1 KB (400,464 bytes)

Product version:
1.1.5.26

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\downloads\kur__10482_il1826025.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
9/30/2014 3:00:00 AM

Valid to:
10/1/2015 2:59:59 AM

Subject:
CN=Install Path Ltd, O=Install Path Ltd, POBox=5252006, STREET=5 Jabotinsky, L=Ramat Gan, S=Israel, PostalCode=5252006, C=IL

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6A3E741693684D391CB829104B174F69

File PE Metadata
Compilation timestamp:
10/3/2014 7:04:44 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:JkLtLfUuZBLy4Tmsrv8j+ki8xC+EGDgp:JkLtDXnSsQjpkPGDgp

Entry address:
0x15E50

Entry point:
E8, 43, 6A, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 3D, 44, 6E, 3C, 00, 00, 75, 18, E8, C2, 60, 00, 00, 6A, 1E, E8, 0C, 5F, 00, 00, 68, FF, 00, 00, 00, E8, B6, F4, FF, FF, 59, 59, 8B, 45, 08, 85, C0, 75, 01, 40, 50, 6A, 00, FF, 35, 44, 6E, 3C, 00, FF, 15, 58, E1, 3B, 00, 5D, C3, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 44, 6E, 3C, 00, 00, 75, 18, E8, 78, 60, 00, 00, 6A, 1E, E8, C2, 5E, 00, 00, 68, FF, 00, 00, 00, E8, 6C, F4, FF, FF, 59, 59, 85, DB, 74, 04, 8B, C3...
 

Code size:
178.5 KB (182,784 bytes)

The file kur__10482_il1826025.exe has been seen being distributed by the following URL.
