mediaplayer__3936_il1857.exe

EVROPLAST LLC

This is the Amonetize download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application mediaplayer__3936_il1857.exe by EVROPLAST has been detected as adware by 12 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher: EVROPLAST LLC (signed and verified)

Version: 1.1.5.90

MD5: 1e10dd8f4d96947c9e203ec9462337d1

SHA-1: 8917ad73fe0d1c0a8a8280385a22c931fa67ccb7

SHA-256: ffdd06e316c6e47b53bf4352c2ddb3ca43551bcbcccb2ad58c6e7a1588867d99

Scanner detections: 12 / 68

Status: Adware

Description: This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date: 11/27/2024 2:52:06 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | PUP/Win32.Amonetiz | 2014.12.31 |
| Avira AntiVirus | Adware/Amonetize.575680.15 | 7.11.198.192 |
| Dr.Web | Trojan.Amonetize.341 | 9.0.1.0364 |
| ESET NOD32 | Win32/Amonetize.CK (variant) | 8.10945 |
| Fortinet FortiGate | Adware/Amonetize | 12/31/2014 |
| K7 AntiVirus | Unwanted-Program | 13.188.14496 |
| Kaspersky | not-a-virus:AdWare.Win32.Amonetize | 14.0.0.2712 |
| McAfee | Artemis!1E10DD8F4D96 | 5600.6900 |
| Panda Antivirus | Generic Suspicious | 14.12.31.04 |
| Reason Heuristics | PUP.Installer.EVROPLAST.Y | 15.1.4.13 |
| Sophos | Generic PUA HM | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V1230 | 7.2.364 |

File size: 562.2 KB (575,680 bytes)

Product version: 1.1.5.90

Original file name: setup.exe

File type: Executable application (Win32 EXE)

Bundler/Installer: Amonetize Downloader

Language: English (United States)

Common path: C:\users\{user}\appdata\roaming\dat\mediaplayer__3936_il1857.exe

Digital Signature

Signed by:

Authority: thawte, Inc.

Valid from: 12/22/2014 1:00:00 AM

Valid to: 12/23/2015 12:59:59 AM

Subject: CN=EVROPLAST LLC, O=EVROPLAST LLC, L=Donetsk, S=Alberta, C=UA

Issuer: CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number: 3A189EC1963AB0505C115175C20CD893

File PE Metadata

Compilation timestamp: 12/26/2014 7:07:40 PM

OS version: 5.1

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 10.0

CTPH (ssdeep): 12288:s/XnAkWmq/0U3NgAJk8WnmaUQrJaEMwV1DT+S:s/wkWfLNgAnfQrsh01mS

Entry address: 0xB0FA

Entry point:
E8, 1A, 3E, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, C4, 5B, 39, 00, FF, 15, A4, E0, 38, 00, 85, C0, 75, 18, 56, E8, 50, 2D, 00, 00, 8B, F0, FF, 15, 84, E0, 38, 00, 50, E8, 00, 2D, 00, 00, 59, 89, 06, 5E, 5D, C3, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 9A, ED, FF, FF, C7, 06, C0, EB, 38, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, C0, EB, 38, 00, E9, DE, ED, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, C0, EB, 38, 00, E8, CB, ED, FF, FF...
 
Code size: 115.5 KB (118,272 bytes)
