» paypaltool__7934_il26472.exl
Overview
Analysis
File Details
Downloads (2)

paypaltool__7934_il26472.exl

The file paypaltool__7934_il26472.exl has been detected as a potentially unwanted program by 13 anti-malware scanners. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from downloadmee.com and multiple other hosts.

File name:

Version:

1.1.5.90

MD5:

6a23c61be5fb5df1cb1ef35229f0cffb

SHA-1:

99c87b62b08c854193a681e631e2a3a4a11e3e61

SHA-256:

367c35ac415517c33d8f732c15e5f1f053af830d54d762246218d5d82306300b

Scanner detections:

13 / 68

Status:

Potentially unwanted

Analysis date:

11/23/2024 12:14:02 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Strictor.79179

383

AhnLab V3 Security

PUP/Win32.Amonetiz

2015.03.29

Avira AntiVirus

ADWARE/Adware.Gen2

3.6.1.96

Baidu Antivirus

PUA.Win32.Amonetize

4.0.3.16117

Bitdefender

Gen:Variant.Strictor.79179

1.0.20.85

Bkav FE

HW32.Packed

1.3.0.6379

Emsisoft Anti-Malware

Gen:Variant.Strictor.79179

8.16.01.17.08

ESET NOD32

Win32/Amonetize.EA potentially unwanted (variant)

10.11392

F-Secure

Gen:Variant.Strictor.79179

11.2016-17-01_1

G Data

Gen:Variant.Strictor.79179

16.1.25

MicroWorld eScan

Gen:Variant.Strictor.79179

17.0.0.51

Reason Heuristics

PUP.Amonetize (M)

16.1.17.20

Vba32 AntiVirus

Malware-Cryptor.General.6

3.12.26.3

File size:

1.2 MB (1,281,024 bytes)

Product version:

1.1.5.90

Original file name:

setup.exe

Language:

English (United States)

Common path:

C:\users\{user}\downloads\paypaltool__7934_il26472.exl

File PE Metadata

Compilation timestamp:

3/22/2015 12:01:21 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

24576:jSvKLRXOyTdJaiCDTJU6nLkawdD6JEp9C61pp2qmneHzuAWPaIu:jA+XO0qDTJUeLkawN6JEpl3EqHHzuyI

Entry address:

0x248608

Entry point:

EB, 08, 6F, 0C, 11, 00, 00, 00, 00, 00, E9, 80, D1, EF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, C0, 2A, 47, 00, 70, 86, 64, 00, F2, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 5A, AF, 02, 00, 64, B0, 02, 00, 00, C6, 02, 00, 70, 4D, 03, 00, B0, 9B, 04, 00, B2, 58, 05, 00... 
[+]

Entropy:

7.9208 (probably packed)

Code size:

1.1 MB (1,133,568 bytes)

The file paypaltool__7934_il26472.exl has been seen being distributed by the following 2 URLs.

http://downloadmee.com/download.php?id=lubiekeppa&title=Adobe Flash Player 2015

http://v4download.com/download.php?id=realninja&title=CLASHOFCLANSHACKTOOLV_4_1.exe

Remove paypaltool__7934_il26472.exl - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.