mine little pony skin maker__3515_i1372902083_il923990.exe

Ukra-2006 LLC

This is the Amonetize download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application mine little pony skin maker__3515_i1372902083_il923990.exe by Ukra-2006 has been detected as adware by 31 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:
Ukra-2006 LLC  (signed and verified)

Version:
1.1.8.22

MD5:
452d7663e840241cb4f4ad48ffa02de3

SHA-1:
50b1ff81f7b212286ee180d61557b349a439ea32

SHA-256:
64353ecbefa10951d3888bf5ba0ed8e17dae50ffede5de7535512d5b227a115c

Scanner detections:
31 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
1/12/2025 7:43:31 AM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Bundler.Amonetize.15
432

Agnitum Outpost
PUA.Amonetize
7.1.1

AhnLab V3 Security
PUP/Win32.Amonetize
2014.12.03

Avira AntiVirus
Adware/Amonetize.kpa
7.11.190.4

avast!
Win32:Amonetize-FF [PUP]
2014.9-151130

AVG
Ukra
2016.0.2910

Baidu Antivirus
Adware.Win32.Amonetize
4.0.3.151130

Bitdefender
Gen:Variant.Application.Bundler.Amonetize.15
1.0.20.1670

Dr.Web
Adware.Downware.8818
9.0.1.0334

ESET NOD32
Win32/Amonetize.BW (variant)
9.10818

Fortinet FortiGate
Adware/Amonetize
11/30/2015

F-Prot
W32/A-afcc0da9
v6.4.7.1.166

F-Secure
Gen:Variant.Application.Bundler
11.2015-30-11_2

G Data
Gen:Variant.Application.Bundler.Amonetize.15
15.11.24

IKARUS anti.virus
PUA.Amonetize
t3scan.1.8.3.0

K7 AntiVirus
Trojan
13.186.14210

Kaspersky
not-a-virus:AdWare.Win32.Amonetize
14.0.0.1043

Malwarebytes
PUP.Optional.Amonetize
v2015.11.30.07

McAfee
Artemis!452D7663E840
5600.6566

MicroWorld eScan
Gen:Variant.Application.Bundler.Amonetize.15
16.0.0.1002

NANO AntiVirus
Riskware.Win32.Downware.dgsnhp
0.28.6.63850

Panda Antivirus
Trj/Chgt.H
15.11.30.07

Qihoo 360 Security
HEUR/Malware.QVM10.Gen
1.0.0.1015

Quick Heal
AdWare.Amonetize.r5 (Not a Virus)
11.15.14.00

Reason Heuristics
PUP.Amonetize.Ukra2006.Bundler (M)
15.11.30.7

Sophos
Amonetize
4.98

Trend Micro House Call
TROJ_GEN.R047C0EJV14
7.2.334

Trend Micro
TROJ_GEN.R047C0EJV14
10.465.30

Vba32 AntiVirus
AdWare.Amonetize
3.12.26.3

VIPRE Antivirus
Trojan.Win32.Generic
35370

Zillya! Antivirus
Adware.Amonetize.Win32.1412
2.0.0.1998

File size:
412.2 KB (422,096 bytes)

Product version:
1.1.8.22

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Language:
English (United States)

Common path:
C:\users\{user}\downloads\mine little pony skin maker__3515_i1372902083_il923990.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/30/2014 8:00:00 PM

Valid to:
7/1/2015 7:59:59 PM

Subject:
CN=Ukra-2006 LLC, O=Ukra-2006 LLC, L=Kharkiv, S=Harkivska obl, C=UA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2B3200D1AF3CAC4253C00F000EF4BAB9

File PE Metadata
Compilation timestamp:
10/13/2014 6:21:50 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:JE5kxbDL5oOlyOJjmplT6iL4lNUyNzImOm32GG:i5kR20VmrTtINnkpe2/

Entry address:
0x11D8A

Entry point:
E8, E8, 69, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 3D, 9C, 5E, 3C, 00, 00, 75, 18, E8, C7, 5E, 00, 00, 6A, 1E, E8, 11, 5D, 00, 00, 68, FF, 00, 00, 00, E8, 7C, F3, FF, FF, 59, 59, 8B, 45, 08, 85, C0, 75, 01, 40, 50, 6A, 00, FF, 35, 9C, 5E, 3C, 00, FF, 15, EC, A0, 3B, 00, 5D, C3, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 9C, 5E, 3C, 00, 00, 75, 18, E8, 7D, 5E, 00, 00, 6A, 1E, E8, C7, 5C, 00, 00, 68, FF, 00, 00, 00, E8, 32, F3, FF, FF, 59, 59, 85, DB, 74, 04, 8B, C3...
 

Entropy:
7.3843

Code size:
163 KB (166,912 bytes)

The file mine little pony skin maker__3515_i1372902083_il923990.exe has been seen being distributed by the following URL.