home

launcher__11002.exe

EVROPLAST LLC

This is the Amonetize download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application launcher__11002.exe by EVROPLAST has been detected as adware by 16 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:
EVROPLAST LLC  (signed and verified)

Version:
1.1.9.208

MD5:
0bc424ae5b522791725722dceff55511

SHA-1:
d47e77b32286d0a89bd607b7f3028f9bc537d3b6

SHA-256:
1012410bc564b8e3a9e26e4436417ad53f72660860c711cb5e7bd3dae25cda57

Scanner detections:
16 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
1/12/2025 10:58:07 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.Amonetize
7.1.1

AhnLab V3 Security
PUP/Win32.Amonetiz
2015.01.09

Avira AntiVirus
ADWARE/Adware.Gen4
7.11.200.58

avast!
Win32:PUP-gen [PUP]
150101-1

AVG
Generic6
2016.0.3235

Dr.Web
Trojan.Amonetize.341
9.0.1.05190

ESET NOD32
Win32/Amonetize.CS potentially unwanted application
7.0.302.0

IKARUS anti.virus
AdWare.Amonetize
t3scan.1.8.6.0

Kaspersky
not-a-virus:AdWare.Win32.Amonetize
15.0.0.543

Malwarebytes
PUP.Optional.Amonetize
v2015.01.08.11

NANO AntiVirus
Riskware.Win32.Amonetize.dlgsuu
0.30.0.64448

Norman
Gen:Variant.Graftor.166062
03.12.2014 13:20:04

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen
1.0.0.1015

Reason Heuristics
PUP.Installer.EVROPLAST.P
15.1.8.21

Sophos
PUA 'Amonetize'
5.09

Zillya! Antivirus
Adware.Amonetize.Win32.1891
2.0.0.2029

File size:
563.7 KB (577,216 bytes)

Product version:
1.1.9.208

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\launcher__11002.exe

Digital Signature
Signed by:
EVROPLAST LLC

Authority:
thawte, Inc.

Valid from:
12/21/2014 7:00:00 PM

Valid to:
12/22/2015 6:59:59 PM

Subject:
CN=EVROPLAST LLC, O=EVROPLAST LLC, L=Donetsk, S=Alberta, C=UA

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
3A189EC1963AB0505C115175C20CD893

File PE Metadata
Compilation timestamp:
12/26/2014 1:07:40 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:z/XnAkW/H5WsJL9UGCyrmyR3jpTPvJxKT+v:z/wkW/AsMGhXFTPhxZv

Entry address:
0xB0FA

Entry point:
E8, 1A, 3E, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, C4, 5B, 39, 00, FF, 15, A4, E0, 38, 00, 85, C0, 75, 18, 56, E8, 50, 2D, 00, 00, 8B, F0, FF, 15, 84, E0, 38, 00, 50, E8, 00, 2D, 00, 00, 59, 89, 06, 5E, 5D, C3, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 9A, ED, FF, FF, C7, 06, C0, EB, 38, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, C0, EB, 38, 00, E9, DE, ED, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, C0, EB, 38, 00, E8, CB, ED, FF, FF...
 
[+]

Code size:
115.5 KB (118,272 bytes)

Remove launcher__11002.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.