setup__189.exe

Installer

Amonetize ltd.

This is the Amonetize download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application setup__189.exe by Amonetize ltd has been detected as adware by 34 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:
Amonetize  (signed by Amonetize ltd.)

Product:
Installer

Version:
1.1.4.15

MD5:
58006c4fe226d1510a2b0cf39c1b14f0

SHA-1:
a82730f0c12367d49a3c9ea34b05e91d08a8b6b7

SHA-256:
ef3b0d4102a5b96319a1874df010cda0e0e5f70649d8ec198fd1b93a08c9a72e

Scanner detections:
34 / 68

Status:
Adware

Explanation:
This setup file is a re-distribution of the original program that bundles various adware offers during installation including toolbars and browser search extensions.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
12/25/2024 1:54:00 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Generic.589834
935

Avira AntiVirus
ADWARE/Adware.Gen2
7.11.150.172

avast!
Win32:Amonetize-Q [PUP]
2014.9-140715

AVG
AdInject.SouthStar
2015.0.3413

Bitdefender
Adware.Generic.589834
1.0.20.980

Dr.Web
Adware.Downware.1457
9.0.1.0196

Emsisoft Anti-Malware
Adware.Generic.589834
8.14.07.15.03

ESET NOD32
Win32/Amonetize.A.Gen
8.9825

Fortinet FortiGate
Adware/DomaIQ.C
7/15/2014

F-Secure
Adware.Generic.589834
11.2014-15-07_3

G Data
Adware.Generic.589834
14.7.24

IKARUS anti.virus
Application.Downloader.QI
t3scan.1.6.1.0

K7 AntiVirus
Unwanted-Program
13.178.12140

Malwarebytes
PUP.Optional.Amonetize.A
v2014.07.15.03

McAfee
Artemis!58006C4FE226
5600.7069

MicroWorld eScan
Adware.Generic.589834
15.0.0.588

NANO AntiVirus
Trojan.Win32.Downware.brmuse
0.28.0.59921

Reason Heuristics
PUP.Installer.Amonetizeltd.K
14.8.7.20

Sophos
Amonetize
4.98

VIPRE Antivirus
Amonetize
29420

File size:
149 KB (152,608 bytes)

Product version:
1.1.4.15

Copyright:
(c) Amonetize ltd., 2012,2013. All rights reserved.

Original file name:
Launcher.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\setup__189.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
5/14/2012 5:00:00 PM

Valid to:
5/15/2013 4:59:59 PM

Subject:
CN=Amonetize ltd., O=Amonetize ltd., L=Raanana, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
47256A10E8986C45AD869252DE4204AC

File PE Metadata
Compilation timestamp:
2/5/2013 12:46:49 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:oobJDqBO4pXBUQUM3kFF7cTAeiFVibABtSZjTNm8ivlWn+S9RVO4:oAMBFUM36ReXABt4xNZ+Spf

Entry address:
0x5AA70

Entry point:
60, BE, 00, B0, 43, 00, 8D, BE, 00, 60, FC, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 
[+]

Entropy:
7.7891

Packer / compiler:
UPX 2.90LZMA]

Code size:
128 KB (131,072 bytes)

The file setup__189.exe has been seen being distributed by the following 2 URLs.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.soledownload.com  (54.225.181.84:80)

TCP (HTTP):
Connects to www.activemonetizer.com  (23.23.96.46:80)

 
http://www.activemonetizer.com/index.php?Net2=v2.0.50727&Net4=&OSversion=NT5.1SP3&Slv=&Sysid=B27986804&Sysid1=B27986804&X64=N&admin=Y&browser=IEXPLORE.EXE&chver=&exe=ikjut__7770693&offver=&lang_DfltUser=04

Remove setup__189.exe - Powered by Reason Core Security