mediaplayer__9220_i1428123181_il25.exe

Prodlogistyka LLC

This is the Amonetize download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application mediaplayer__9220_i1428123181_il25.exe by Prodlogistyka has been detected as adware by 17 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.

Publisher:
Prodlogistyka LLC  (signed and verified)

Version:
1.1.5.89

MD5:
11ca9ed4d1938d941ff68c0e091a7ec8

SHA-1:
708dcacbac281f767b46478efaca377dd1650636

SHA-256:
4cb28ea5ecb3ef7d5a3028a404f55708edfc7044e8d7113e0b8fef831a92d682

Scanner detections:
17 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/27/2024 4:54:52 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | PUA.Amonetize | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Amonetiz | 2015.02.26 |
| Avira AntiVirus | ADWARE/Adware.Gen4 | 7.11.212.142 |
| avast! | Win32:Amonetize-HE [PUP] | 150129-1 |
| AVG | Generic_r | 2016.0.3187 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Dr.Web | Trojan.Amonetize.341 | 9.0.1.05190 |
| ESET NOD32 | Win32/Amonetize.CH potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/Amonetize | 2/26/2015 |
| Kaspersky | not-a-virus:AdWare.Win32.Amonetize | 15.0.0.543 |
| Malwarebytes | PUP.Optional.Amonetize | v2015.02.26.06 |
| NANO AntiVirus | Riskware.Win32.Amonetize.dkinix | 0.30.0.296 |
| Norman | Gen:Variant.Graftor.166062 | 03.12.2014 13:20:04 |
| Reason Heuristics | PUP.Installer.Amonetize | 15.2.26.5 |
| Trend Micro House Call | TROJ_GEN.R02SH07AB15 | 7.2.57 |
| Vba32 AntiVirus | AdWare.Amonetize | 3.12.26.3 |
| Zillya! Antivirus | Adware.Amonetize.Win32.1786 | 2.0.0.2081 |

File size:
604.2 KB (618,696 bytes)

Product version:
1.1.5.89

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\dat\mediaplayer__9220_i1428123181_il25.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
12/16/2014 1:00:00 AM

Valid to:
12/17/2015 12:59:59 AM

Subject:
CN=Prodlogistyka LLC, O=Prodlogistyka LLC, L=Kharkiv, S=Alabama, C=UA

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
6EA4BF001566F2722AC7CE8C3A4F62AE

File PE Metadata
Compilation timestamp:
12/10/2014 5:46:49 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:zfGe2n/3/kQDmPozQDDDXqK1ozzJswiBVUoJ6QDBU1Y:zfGh/Wo8HozzWwiBuoJ3BU1Y

Entry address:
0xE294

Entry point:
E8, 7B, 78, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, 7C, 0F, 39, 00, FF, 15, C4, 80, 38, 00, 85, C0, 75, 18, 56, E8, 8D, 2F, 00, 00, 8B, F0, FF, 15, 24, 80, 38, 00, 50, E8, 3D, 2F, 00, 00, 59, 89, 06, 5E, 5D, C3, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, AA, E2, FF, FF, C7, 06, 1C, 8C, 38, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, 1C, 8C, 38, 00, E9, EE, E2, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, 1C, 8C, 38, 00, E8, DB, E2, FF, FF...
Code size:
153 KB (156,672 bytes)