myegy.progdvb.7.07.0.x32.elk ng.rar__3038_i1378084246_il2936754.exe

Ukra-2006 LLC

This is the Amonetize download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may install them with minimal consent. The application myegy.progdvb.7.07.0.x32.elk ng.rar__3038_i1378084246_il2936754.exe by Ukra-2006 has been detected as adware by 8 of 68 anti-malware scanners. The program is a setup application built with the TUGUU DomaIQ Setup installer. The setup program bundles adware offers through Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The offers presented are selected according to the PC's geolocation at the time of install.
Publisher:
Ukra-2006 LLC  (signed and verified)

Version:
1.1.8.22

MD5:
86834281a11c68872ba7cb52623db592

SHA-1:
f9c5e9ac2465cab9f7c492868b897519ffd85cbb

SHA-256:
762b5eb89411f3c16a1e4a09f006a0cff9840057f44f84feb4986e3e1a3ef44a

Scanner detections:
8 / 68

Status:
Adware

Description:
This is also known as bundleware or downloadware: a downloader designed solely to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
12/25/2024 4:51:48 AM UTC

Scan engine          Detection                              Engine version
Avira AntiVirus      ADWARE/Adware.Gen4                     7.11.179.140
AVG                  Ukra                                   2015.0.3310
Baidu Antivirus      Adware.Win32.Amonetize                 4.0.3.141025
ESET NOD32           Win32/Amonetize.BT (variant)           8.10585
Kaspersky            not-a-virus:AdWare.Win32.Amonetize     14.0.0.3047
McAfee               Artemis!86834281A11C                   5600.6966
Reason Heuristics    PUP.Installer.Ukra2006.y               14.10.25.16
Sophos               Amonetize                              4.98

File size:
551.7 KB (564,944 bytes)

Product version:
1.1.8.22

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\myegy.progdvb.7.07.0.x32.elk ng.rar__3038_i1378084246_il2936754.exe

Digital Signature
Signed by:
Ukra-2006 LLC
Authority:
Thawte, Inc.

Valid from:
7/1/2014 12:00:00 AM

Valid to:
7/1/2015 11:59:59 PM

Subject:
CN=Ukra-2006 LLC, O=Ukra-2006 LLC, L=Kharkiv, S=Harkivska obl, C=UA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2B3200D1AF3CAC4253C00F000EF4BAB9

File PE Metadata
Compilation timestamp:
10/13/2014 10:21:50 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:V8rSVLtRMm8AZJHAPFTaKh42JXyyvwU9bcTLY/0RHH17W0f:erSVAAPHAdTaq4lwbHsRHcw

Entry address:
0x11D8A

Entry point:
E8, E8, 69, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 3D, 9C, 5E, 3A, 00, 00, 75, 18, E8, C7, 5E, 00, 00, 6A, 1E, E8, 11, 5D, 00, 00, 68, FF, 00, 00, 00, E8, 7C, F3, FF, FF, 59, 59, 8B, 45, 08, 85, C0, 75, 01, 40, 50, 6A, 00, FF, 35, 9C, 5E, 3A, 00, FF, 15, EC, A0, 39, 00, 5D, C3, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 9C, 5E, 3A, 00, 00, 75, 18, E8, 7D, 5E, 00, 00, 6A, 1E, E8, C7, 5C, 00, 00, 68, FF, 00, 00, 00, E8, 32, F3, FF, FF, 59, 59, 85, DB, 74, 04, 8B, C3...

Code size:
163 KB (166,912 bytes)
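The header values listed above (compilation timestamp, OS version, subsystem, linker version, entry address and the bytes at the entry point) and the three hashes at the top of the report can all be recovered from the raw file with no third-party tooling. The following is an added example written for this page, not code from the report or from the publisher. It handles PE32 (Win32) images only, builds a small constructed PE image in memory as its sample input, and compares a file's hashes against the page's published IOCs; the function names pe_metadata, file_hashes, check_iocs and build_sample_pe32 and the sample's header values are choices made here.

```python
"""Added example (not part of this report): parse the header fields listed
under "File PE Metadata" and compute the MD5/SHA-1/SHA-256 values shown
above, using only the Python standard library. The PE32 image used as
input is constructed in memory; PAGE_IOCS holds the hashes from the page."""
import hashlib
import struct
import sys
from datetime import datetime, timezone

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}

# Hashes published on this page for the sample.
PAGE_IOCS = {
    "md5": "86834281a11c68872ba7cb52623db592",
    "sha1": "f9c5e9ac2465cab9f7c492868b897519ffd85cbb",
    "sha256": "762b5eb89411f3c16a1e4a09f006a0cff9840057f44f84feb4986e3e1a3ef44a",
}


def pe_metadata(data: bytes, entry_len: int = 16) -> dict:
    """Read the DOS, COFF and PE32 optional headers, then map the entry RVA
    through the section table to fetch the first bytes at the entry point."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, linker_major, linker_minor, code_size = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (Win32) images are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]

    entry_off = None
    sect = opt + opt_size                      # first IMAGE_SECTION_HEADER (40 bytes each)
    for i in range(nsections):
        vsize, va, rawsize, rawptr = struct.unpack_from("<IIII", data, sect + i * 40 + 8)
        if va <= entry_rva < va + max(vsize, rawsize):
            entry_off = entry_rva - va + rawptr
            break
    if entry_off is None:
        raise ValueError("entry point is outside every section")

    return {
        "machine": hex(machine),
        "compile_time": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "linker_version": f"{linker_major}.{linker_minor}",
        "code_size": code_size,
        "entry_rva": entry_rva,
        "entry_bytes": ", ".join(f"{b:02X}" for b in data[entry_off:entry_off + entry_len]),
    }


def file_hashes(data: bytes) -> dict:
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def check_iocs(data: bytes, iocs: dict) -> dict:
    """True for every listed hash that matches the file (case-insensitive)."""
    own = file_hashes(data)
    return {n: own[n] == v.lower() for n, v in iocs.items() if n in own}


def build_sample_pe32() -> bytes:
    """Constructed sample image: one .text section, entry at RVA 0x1010,
    header values chosen to mirror the metadata reported on this page."""
    ts = int(datetime(2014, 10, 13, 22, 21, 50, tzinfo=timezone.utc).timestamp())
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)             # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 224, 0x102)  # i386, one section
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH",
                      0x10B, 10, 0,               # PE32 magic, linker 10.0
                      0x200, 0, 0,                # SizeOfCode, init/uninit data sizes
                      0x1010, 0x1000, 0x2000,     # entry RVA, BaseOfCode, BaseOfData
                      0x400000, 0x1000, 0x200,    # ImageBase, section/file alignment
                      5, 1, 0, 0, 5, 1,           # OS 5.1, image 0.0, subsystem 5.1
                      0, 0x2000, 0x200, 0,        # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
                      2, 0x8000)                  # Subsystem = Windows GUI, DllCharacteristics
    opt += struct.pack("<IIIIII", 0x100000, 0x1000, 0x100000, 0x1000, 0, 16) + b"\0" * 128
    text_hdr = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + opt + text_hdr
    headers += b"\0" * (0x200 - len(headers))
    stub = b"\xE8\x00\x00\x00\x00\xC3"             # call $+5 ; ret
    text = b"\xCC" * 0x10 + stub                   # entry sits 0x10 bytes into .text
    text += b"\xCC" * (0x200 - len(text))
    return headers + text


SAMPLE = build_sample_pe32()

if __name__ == "__main__":
    target = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for k, v in pe_metadata(target).items():
        print(f"{k}: {v}")
    print(check_iocs(target, PAGE_IOCS))
```

Run with a path argument to inspect a real sample; without one it parses the constructed image. The "entry_bytes" field is formatted the same way as the Entry point list above so the two can be compared directly. Note that the compilation timestamp is a self-reported COFF header field that a packer or the author can set to anything, so it supports a timeline only when it agrees with other evidence such as the certificate validity window.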

The file myegy.progdvb.7.07.0.x32.elk ng.rar__3038_i1378084246_il2936754.exe has been observed being distributed from the following URL.