qq international english version_10924_i11486019_il345.exe

TECHNOINOX LTD

This is the Amonetize download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application qq international english version_10924_i11486019_il345.exe by TECHNOINOX has been detected as adware by 12 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are based on the PC's geo-location at the time of install.
Publisher:
TECHNOINOX LTD  (signed and verified)

MD5:
3ce11b5652625a49aca6439f66787f19

SHA-1:
4e440a72a4621a86a9f5ed48c01f082ccd29de5a

SHA-256:
7364c94b59c281549488f70f27b5cf9ece915d638a6a2531b09eb6aecdac3009

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Injects advertisements into the web browser in the form of banner ads and popups.

Description:
This is an installer which may bundle legitimate applications with offers for additional third-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
11/16/2024 8:48:55 AM UTC

Scan engine             Detection                                 Engine version
avast!                  PUP-gen [PUP]                             141214-1
AVG                     Generic                                   2016.0.3243
Clam AntiVirus          Win.Adware.Amonetize-511                  0.98/19865
Dr.Web                  Trojan.Amonetize.329                      9.0.1.05190
G Data                  NSIS.Application.Crypted                  15.1.24
Kaspersky               not-a-virus:HEUR:AdWare.Win32.Amonetize   14.0.0.2708
McAfee                  Artemis!8F00B3F9F161                      5600.6899
Panda Antivirus         Generic Suspicious                        15.01.01.11
Reason Heuristics       PUP.TECHNOINOX                            15.1.12.10
Rising Antivirus        PE:AdWare.Win32.Adpeak.c!1075356117       23.00.65.141230
Trend Micro House Call  Suspici.1CC0D1BF                          7.2.1
VIPRE Antivirus         Threat.4150696                            35418

File size:
303.5 KB (310,824 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\qq international english version_10924_i11486019_il345.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
11/9/2014 4:00:00 PM

Valid to:
11/10/2015 3:59:59 PM

Subject:
CN=TECHNOINOX LTD, O=TECHNOINOX LTD, L=Novomoskovsk, S=Novomoskovsk, C=UA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
289382C761C954AB4B4868F20770B328

File PE Metadata
Compilation timestamp:
10/6/2014 9:40:26 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:PGC7W7BU5gMqKGqcUz9PbroKdX1J/hres0lfuIA0l0ixkkhFg1:1a7gfqKGqP9DroKdXMs0RlPx61

Entry address:
0x322E

Entry point:
81, EC, D8, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 34, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, 34, 81, 40, 00, 55, FF, 15, AC, 82, 40, 00, 6A, 09, A3, 78, 4F, 43, 00, E8, FD, 2E, 00, 00, A3, C4, 4E, 43, 00, 55, 8D, 44, 24, 38, 68, B4, 02, 00, 00, 50, 55, 68, D8, B1, 42, 00, FF, 15, 7C, 81, 40, 00, 68, C0, A2, 40, 00, 68, C0, 3E, 43, 00, E8, 68, 2B, 00, 00, FF, 15, 38, 81, 40, 00, BB, 00, F0, 43, 00, 50, 53, E8, 56, 2B, 00, 00...
 
[+]

Entropy:
7.9240

Packer / compiler:
Nullsoft install system v2.x

Code size:
24.5 KB (25,088 bytes)

The file qq international english version_10924_i11486019_il345.exe has been seen being distributed by the following URL.