minecraft__4621_il568.exe

Installer

Amonetize ltd.

This is the Amonetize download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application minecraft__4621_il568.exe by Amonetize ltd has been detected as adware by 12 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The installer uses the InstallMonetizer platform, which will download and install adware toolbars and other potentially unwanted software offers during setup. The installer is marketed through download portals and search ads as Minecraft but will also install additional software offers, which include adware, PUPs and browser toolbars.
Publisher:
Amônétízé Ltd  (signed by Amonetize ltd.)

Product:
Installer

Version:
1.1.1.20

MD5:
d10282e7955bd821f71c43f88685112f

SHA-1:
f380c0bbed38ee378400db4fdf74d2243d1df255

SHA-256:
ad6eb1593788417ba3be3e98f7ef96ac52b22c0f833822a2870d2625ba90b808

Scanner detections:
12 / 68

Status:
Adware

Explanation:
This setup file is a re-distribution of the original program that bundles various adware offers during installation including toolbars and browser search extensions.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/27/2024 12:59:06 AM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | PUP/Win32.Amonetiz | 2014.02.02
avast! | Win32:Amonetize-E [PUP] | 2014.9-140201
Comodo Security | ApplicUnwnt | 17711
Dr.Web | Adware.Downware.2083 | 9.0.1.032
ESET NOD32 | Win32/Amonetize.AD (variant) | 8.9367
Fortinet FortiGate | Riskware/Amonetize | 2/1/2014
Malwarebytes | PUP.Optional.InstallMonetizer | v2014.02.01.12
McAfee | Adware-Amonetize!D10282E7955B | 5600.7232
Reason Heuristics | PUP.Installer.Amonetizeltd.V | 14.8.7.19
Sophos | Amonetize | 4.97
Trend Micro House Call | TROJ_GEN.F47V0130 | 7.2.32
VIPRE Antivirus | Amonetize | 26030

File size:
331 KB (338,984 bytes)

Product version:
2.1.12

Copyright:
(c) Amônétízé Ltd, 2012,2013. All rights reserved.

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\downloads\minecraft__4621_il568.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
3/18/2013 5:00:00 PM

Valid to:
6/18/2015 4:59:59 PM

Subject:
CN=Amonetize ltd., O=Amonetize ltd., L=Raanana, S=Alberta, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
235E7B2F1D4E0152189F6381E2BA8C97

File PE Metadata
Compilation timestamp:
1/30/2014 8:27:24 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:BsqoMBNiuT5YwxT8Z7+zB9bF3jNDeqzd+rBEb0Sf342wzvvwpYJT:BsvMBNiulYwxYZ7+d9bHh0BZSPtwzApi

Entry address:
0x27334

Entry point:
E8, 9A, 95, 00, 00, E9, 89, FE, FF, FF, 57, 8B, C6, 83, E0, 0F, 85, C0, 0F, 85, C1, 00, 00, 00, 8B, D1, 83, E1, 7F, C1, EA, 07, 74, 65, EB, 06, 8D, 9B, 00, 00, 00, 00, 66, 0F, 6F, 06, 66, 0F, 6F, 4E, 10, 66, 0F, 6F, 56, 20, 66, 0F, 6F, 5E, 30, 66, 0F, 7F, 07, 66, 0F, 7F, 4F, 10, 66, 0F, 7F, 57, 20, 66, 0F, 7F, 5F, 30, 66, 0F, 6F, 66, 40, 66, 0F, 6F, 6E, 50, 66, 0F, 6F, 76, 60, 66, 0F, 6F, 7E, 70, 66, 0F, 7F, 67, 40, 66, 0F, 7F, 6F, 50, 66, 0F, 7F, 77, 60, 66, 0F, 7F, 7F, 70, 8D, B6, 80, 00, 00, 00, 8D, BF...
 

Entropy:
6.4602

Code size:
230.5 KB (236,032 bytes)

The file minecraft__4621_il568.exe has been seen being distributed by the following 45 URLs.

http://download.getlinksinaseconds.com/.../get.php?q=12-Years-a-Slave-video.flv.flv&ti1=500000&ti2=1&ti3=2014-01-30T21:14:34.016586 00:00

http://download.venturedownload.com/.../get.php?q=Adobe_Photoshop_Portable_Cs5&ti1=1460000&ti2=0&ti3=2014-02-01T11:47:58.044100 00:00

http://download.venturedownload.com/.../get.php?q=Shaiya_Auto_Attack_Bot&ti1=1460000&ti2=0&ti3=2014-01-31T18:35:02.822127 00:00

http://download.thankdownload.com/.../get.php?q=Key Generator Fmrte 2014&ti1=945000&ti2=0&ti3=2014-02-02T11:10:32.439490 00:00

http://download.getlinksinaseconds.com/.../get.php?q=Navy Investigaci?n Criminal - 7 Temporada&ti1=1075000&ti2=0&ti3=2014-02-01T20:27:43.335692 00:00

Latest 30 of 45 download URLs

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.soledownload.com  (54.225.181.84:80)

TCP (HTTP):
Connects to www.activemonetizer.com  (23.23.96.46:80)

 
http://www.activemonetizer.com/index.php?Net2=v2.0.50727&Net4=&OSversion=NT5.1SP3&Slv=&Sysid=B21963316&Sysid1=B21963316&X64=N&admin=Y&browser=IEXPLORE.EXE&chver=&exe=ikjut__1747205&offver=&lang_DfltUser=04
