paypaltool__7934_il26472.exl

The file paypaltool__7934_il26472.exl has been detected as a potentially unwanted program by 13 anti-malware scanners. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from downloadmee.com and multiple other hosts.
Version:
1.1.5.90

MD5:
6a23c61be5fb5df1cb1ef35229f0cffb

SHA-1:
99c87b62b08c854193a681e631e2a3a4a11e3e61

SHA-256:
367c35ac415517c33d8f732c15e5f1f053af830d54d762246218d5d82306300b

Scanner detections:
13 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 1:31:02 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Strictor.79179
383

AhnLab V3 Security
PUP/Win32.Amonetiz
2015.03.29

Avira AntiVirus
ADWARE/Adware.Gen2
3.6.1.96

Baidu Antivirus
PUA.Win32.Amonetize
4.0.3.16117

Bitdefender
Gen:Variant.Strictor.79179
1.0.20.85

Bkav FE
HW32.Packed
1.3.0.6379

Emsisoft Anti-Malware
Gen:Variant.Strictor.79179
8.16.01.17.08

ESET NOD32
Win32/Amonetize.EA potentially unwanted (variant)
10.11392

F-Secure
Gen:Variant.Strictor.79179
11.2016-17-01_1

G Data
Gen:Variant.Strictor.79179
16.1.25

MicroWorld eScan
Gen:Variant.Strictor.79179
17.0.0.51

Reason Heuristics
PUP.Amonetize (M)
16.1.17.20

Vba32 AntiVirus
Malware-Cryptor.General.6
3.12.26.3

File size:
1.2 MB (1,281,024 bytes)

Product version:
1.1.5.90

Original file name:
setup.exe

Language:
English (United States)

Common path:
C:\users\{user}\downloads\paypaltool__7934_il26472.exl

File PE Metadata
Compilation timestamp:
3/22/2015 12:01:21 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:jSvKLRXOyTdJaiCDTJU6nLkawdD6JEp9C61pp2qmneHzuAWPaIu:jA+XO0qDTJUeLkawN6JEpl3EqHHzuyI

Entry address:
0x248608

Entry point:
EB, 08, 6F, 0C, 11, 00, 00, 00, 00, 00, E9, 80, D1, EF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, C0, 2A, 47, 00, 70, 86, 64, 00, F2, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 5A, AF, 02, 00, 64, B0, 02, 00, 00, C6, 02, 00, 70, 4D, 03, 00, B0, 9B, 04, 00, B2, 58, 05, 00...
 
[+]

Entropy:
7.9208  (probably packed)

Code size:
1.1 MB (1,133,568 bytes)

The file paypaltool__7934_il26472.exl has been seen being distributed by the following 2 URLs.

http://downloadmee.com/download.php?id=lubiekeppa&title=Adobe Flash Player 2015

Remove paypaltool__7934_il26472.exl - Powered by Reason Core Security