onekit.exe

Montiera Technologies LTD

It is part of the Montiera web browser toolbar monetization platform, which injects browser search and advertising into the user's web browser. The application onekit.exe by Montiera Technologies has been detected as adware by 14 anti-malware scanners. It runs as a scheduled task named Onekit under the Windows Task Scheduler, triggered by a time event. This file is typically installed with the program Onekit by OneKit Internet, S.L., which is a potentially unwanted software program. While running, it connects to the Internet address ny1wv3280.xglobe.net on port 80 using the HTTP protocol.
Publisher:
Pay By Ads LTD  (signed by Montiera Technologies LTD)

Version:
1.3.0.0

MD5:
3e1f5e3366a9c06a5b95bad869fe2590

SHA-1:
88a388f3a7125cc89d3e38d2332337e33ce0a584

SHA-256:
97523a4931d9bcc75a6125bef83105ebb5b8a709c60955ba350d0dc2c18c2332

Scanner detections:
14 / 68

Status:
Adware

Analysis date:
12/24/2024 1:35:45 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | Montiera | 2016.0.3228 |
| Baidu Antivirus | PUA.Win32.Montiera | 4.0.3.14914 |
| ESET NOD32 | Win32/Toolbar.Montiera (variant) | 8.10232 |
| Fortinet FortiGate | Riskware/Montiera | 1/16/2015 |
| herdProtect (fuzzy) | | 2014.9.14.16 |
| K7 AntiVirus | Unwanted-Program | 13.191.14658 |
| Kaspersky | not-a-virus:WebToolbar.Win32.Montiera | 14.0.0.3252 |
| Malwarebytes | PUP.Optional.PayByAds.A | v2014.08.06.06 |
| McAfee | Artemis!3E1F5E3366A9 | 5600.6884 |
| Panda Antivirus | Trj/Chgt.B | 14.09.14.12 |
| Reason Heuristics | PUP.Task.Montiera | 15.1.16.1 |
| Sophos | Generic PUA MA | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0808 | 7.2.257 |
| VIPRE Antivirus | Montiera | 32094 |
File size:
534.4 KB (547,208 bytes)

Copyright:
All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\onekit\onekit\1.3.11.0\onekit.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
7/22/2014 5:00:00 PM

Valid to:
7/23/2015 4:59:59 PM

Subject:
CN=Montiera Technologies LTD, O=Montiera Technologies LTD, STREET=Harbert Samuel 46, L=Tel Aviv, S=Gush Dan, PostalCode=6330303, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00CCD3CD85F8C32F5C3FF9264E1A57C07D

File PE Metadata
Compilation timestamp:
8/4/2014 7:20:12 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:34dmrsRivfB3nA74Y7hCEj1KqqLlH9Oi/DlYdTBFRH2hDaRok5:NKHAldOi/Dl6FRWhCoc

Entry address:
0x3F736

Entry point:
E8, AA, 83, 00, 00, E9, 89, FE, FF, FF, B8, 2A, 86, 44, 00, A3, 10, 7A, 46, 00, C7, 05, 14, 7A, 46, 00, 20, 7D, 44, 00, C7, 05, 18, 7A, 46, 00, D4, 7C, 44, 00, C7, 05, 1C, 7A, 46, 00, 0D, 7D, 44, 00, C7, 05, 20, 7A, 46, 00, 76, 7C, 44, 00, A3, 24, 7A, 46, 00, C7, 05, 28, 7A, 46, 00, A2, 85, 44, 00, C7, 05, 2C, 7A, 46, 00, 92, 7C, 44, 00, C7, 05, 30, 7A, 46, 00, F4, 7B, 44, 00, C7, 05, 34, 7A, 46, 00, 80, 7B, 44, 00, C3, 8B, FF, 55, 8B, EC, E8, 96, FF, FF, FF, 83, 7D, 08, 00, 74, 05, E8, BB, 8E, 00, 00, DB...
 

Entropy:
6.5403

Code size:
330 KB (337,920 bytes)

Scheduled Task
Task name:
Onekit

Trigger:
Time (Next runs on 8/6/2014 at 3:50 PM)


The file onekit.exe has been discovered within the following program.

Onekit  by OneKit Internet, S.L.
Part of the Montiera Technologies LTD group of web browser toolbars.
www.onekit.com
About 54% of users remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ny1wv3280.xglobe.net  (204.145.82.20:80)

TCP (HTTP):
Connects to NY1WV3659  (204.145.82.27:80)

TCP (HTTP):
Connects to NY1WV3561  (204.145.82.26:80)

TCP (HTTP):
Connects to NY1WV3438  (204.145.82.24:80)

TCP (HTTP):
Connects to 51-15-145-148.rev.poneytelecom.eu  (51.15.145.148:80)

TCP (HTTP):
Connects to 189.152.251.23.bc.googleusercontent.com  (23.251.152.189:80)
