mediaplayer__3137_il94.exe

EVROPLAST LLC

This is the Amonetize download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application mediaplayer__3137_il94.exe by EVROPLAST has been detected as adware by 6 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:
EVROPLAST LLC  (signed and verified)

Version:
1.1.5.55

MD5:
1aad81c5b4db33c7985ac55b2023ea57

SHA-1:
cb28642ba125128cc79119a0d67004629041162f

SHA-256:
edd88968819f1aa97fef09374ee7a42f35e7ec9280939ee571d3003f1eefd88b

Scanner detections:
6 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/27/2024 2:30:24 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | PUP/Win32.Amonetiz | 2014.12.31 |
| avast! | Win32:Dropper-gen [Drp] | 2014.9-150101 |
| Dr.Web | Trojan.Amonetize.341 | 9.0.1.01 |
| ESET NOD32 | Win32/Amonetize.CK (variant) | 9.10948 |
| Reason Heuristics | PUP.Installer.EVROPLAST.W | 15.1.4.13 |
| Sophos | Amonetize | 4.98 |

File size:
562.2 KB (575,680 bytes)

Product version:
1.1.5.55

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\mediaplayer__3137_il94.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
12/21/2014 6:00:00 PM

Valid to:
12/22/2015 5:59:59 PM

Subject:
CN=EVROPLAST LLC, O=EVROPLAST LLC, L=Donetsk, S=Alberta, C=UA

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
3A189EC1963AB0505C115175C20CD893

File PE Metadata
Compilation timestamp:
12/26/2014 12:07:40 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:3/XnAkW/MzpQ6mEW83I9Ty/aWxu4Uy4Sdhn6FiT+m:3/wkW/MzpPmEWToN9UpW6Fhm

Entry address:
0xB0FA

Entry point:
E8, 1A, 3E, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, C4, 5B, 39, 00, FF, 15, A4, E0, 38, 00, 85, C0, 75, 18, 56, E8, 50, 2D, 00, 00, 8B, F0, FF, 15, 84, E0, 38, 00, 50, E8, 00, 2D, 00, 00, 59, 89, 06, 5E, 5D, C3, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 9A, ED, FF, FF, C7, 06, C0, EB, 38, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, C0, EB, 38, 00, E9, DE, ED, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, C0, EB, 38, 00, E8, CB, ED, FF, FF...
 

Entropy:
7.6635

Code size:
115.5 KB (118,272 bytes)

The file mediaplayer__3137_il94.exe has been seen being distributed by the following 14 URLs.

http://www.slow-tsunami-file.com/.../FlashPlayer__10155_i1438557330_il7.exe
