launcher__3834_il22066.exe

The application launcher__3834_il22066.exe has been detected as a potentially unwanted program by 18 anti-malware scanners. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager; the software offers presented depend on the PC's geo-location at the time of install. The file has been observed being downloaded from download.getlinksinaseconds.com and multiple other hosts. While running, it connects to the Internet address server-54-230-157-104.sin3.r.cloudfront.net on port 80 using the HTTP protocol.
Version: 1.1.5.90

MD5: ad1c27b3c61f35f65038a79262b89b12

SHA-1: ced3ef8712645feb82886869a89b8e21a95e185a

SHA-256: de97794979a3b9f740c79b46648f7ab907888b264f0633eb9fbd88be85395c86

Scanner detections: 18 / 68

Status: Potentially unwanted

Analysis date: 11/23/2024 2:34:05 PM UTC

Scan engine             Detection                                 Engine version
Lavasoft Ad-Aware       Trojan.GenericKD.1622289                  1044
AhnLab V3 Security      PUP/Win32.Amonetiz                        14.03.28
Avira AntiVirus         ADWARE/Adware.Gen2                        7.11.139.230
Bitdefender             Trojan.GenericKD.1622289                  1.0.20.435
Comodo Security         ApplicUnwnt                               18007
Emsisoft Anti-Malware   Trojan.GenericKD.1622289                  8.14.03.28.11
ESET NOD32              Win32/Amonetize.AJ (variant)              8.9608
Fortinet FortiGate      Riskware/Amonetize                        3/28/2014
G Data                  Trojan.GenericKD.1622289                  14.3.24
Kaspersky               not-a-virus:HEUR:AdWare.Win32.Amonetize   14.0.0.4103
Malwarebytes            PUP.Optional.Amonetize.A                  v2014.03.28.11
McAfee                  Artemis!AD1C27B3C61F                      5600.7178
MicroWorld eScan        Trojan.GenericKD.1622289                  15.0.0.261
Qihoo 360 Security      Win32/Virus.Adware.932                    1.0.0.1015
Reason Heuristics       Threat.Win.Reputation.IMP                 14.3.31.15
Sophos                  Amonetize                                 4.98
Trend Micro House Call  TROJ_GEN.F47V0327                         7.2.87
VIPRE Antivirus         Amonetize                                 27798

File size: 331.5 KB (339,456 bytes)

Product version: 1.1.5.90

Original file name: setup.exe

File type: Executable application (Win32 EXE)

Language: English (United States)

Common path: C:\users\{user}\downloads\launcher__3834_il22066.exe

File PE Metadata
Compilation timestamp: 3/27/2014 9:16:27 AM

OS version: 5.1

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 10.0

CTPH (ssdeep): 6144:oNEbWTaJmUL+Dvzy+bBxA3IBCTeR2hMNb/ksRoAfQBqlss4I3/sBHO:oNEbWEmUa7zy+lxAnXsksaAfQBgssGBu

Entry address: 0x28131

Entry point (first bytes): E8, D0, 97, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, 53, 56, 8B, 44, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 14, 8B, 44, 24, 10, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 0C, F7, F1, 8B, D3, EB, 41, 8B, C8, 8B, 5C, 24, 14, 8B, 54, 24, 10, 8B, 44, 24, 0C, D1, E9, D1, DB, D1, EA, D1, D8, 0B, C9, 75, F4, F7, F3, 8B, F0, F7, 64, 24, 18, 8B, C8, 8B, 44, 24, 14, F7, E6, 03, D1, 72, 0E, 3B, 54, 24, 10, 77, 08, 72, 07, 3B, 44, 24, 0C, 76, 01, 4E, 33, D2, 8B, C6, 5E, 5B, C2, 10, 00, 57, 8B, C6, 83, E0, 0F, 85, C0, 0F...

Entropy: 6.4345

Code size: 236.5 KB (242,176 bytes)

The file launcher__3834_il22066.exe has been observed being distributed from 40 download URLs.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP): Connects to server-54-230-157-104.sin3.r.cloudfront.net (54.230.157.104:80)

Remove launcher__3834_il22066.exe - Powered by Reason Core Security