» setup__189.exe
Overview
Analysis
File Details
Downloads (2)
Network (2)

setup__189.exe

Installer

Amonetize ltd.

This is the Amonetize download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application setup__189.exe by Amonetize ltd has been detected as adware by 34 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.

File name:

setup__189.exe

Publisher:

Amonetize (signed by Amonetize ltd.)

Product:

Installer

Version:

1.1.4.15

MD5:

58006c4fe226d1510a2b0cf39c1b14f0

SHA-1:

a82730f0c12367d49a3c9ea34b05e91d08a8b6b7

SHA-256:

ef3b0d4102a5b96319a1874df010cda0e0e5f70649d8ec198fd1b93a08c9a72e

Scanner detections:

34 / 68

Status:

Adware

Explanation:

This setup file is a re-distribution of the original program that bundles various adware offers during installation including toolbars and browser search extensions.

Description:

This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:

11/23/2024 11:20:37 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.Generic.589834

935

Avira AntiVirus

ADWARE/Adware.Gen2

7.11.150.172

avast!

Win32:Amonetize-Q [PUP]

2014.9-140715

AVG

AdInject.SouthStar

2015.0.3413

Bitdefender

Adware.Generic.589834

1.0.20.980

Dr.Web

Adware.Downware.1457

9.0.1.0196

Emsisoft Anti-Malware

Adware.Generic.589834

8.14.07.15.03

ESET NOD32

Win32/Amonetize.A.Gen

8.9825

Fortinet FortiGate

Adware/DomaIQ.C

7/15/2014

F-Secure

Adware.Generic.589834

11.2014-15-07_3

G Data

Adware.Generic.589834

14.7.24

IKARUS anti.virus

Application.Downloader.QI

t3scan.1.6.1.0

K7 AntiVirus

Unwanted-Program

13.178.12140

Malwarebytes

PUP.Optional.Amonetize.A

v2014.07.15.03

McAfee

Artemis!58006C4FE226

5600.7069

MicroWorld eScan

Adware.Generic.589834

15.0.0.588

NANO AntiVirus

Trojan.Win32.Downware.brmuse

0.28.0.59921

Reason Heuristics

PUP.Installer.Amonetizeltd.K

14.8.7.20

Sophos

Amonetize

4.98

VIPRE Antivirus

Amonetize

29420

File size:

149 KB (152,608 bytes)

Product version:

1.1.4.15

Original file name:

Launcher.exe

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Amonetize Downloader

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\setup__189.exe

Digital Signature

Signed by:

Amonetize ltd.

Authority:

Thawte, Inc.

Valid from:

5/14/2012 5:00:00 PM

Valid to:

5/15/2013 4:59:59 PM

Subject:

CN=Amonetize ltd., O=Amonetize ltd., L=Raanana, S=Israel, C=IL

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

47256A10E8986C45AD869252DE4204AC

File PE Metadata

Compilation timestamp:

2/5/2013 12:46:49 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

3072:oobJDqBO4pXBUQUM3kFF7cTAeiFVibABtSZjTNm8ivlWn+S9RVO4:oAMBFUM36ReXABt4xNZ+Spf

Entry address:

0x5AA70

Entry point:

60, BE, 00, B0, 43, 00, 8D, BE, 00, 60, FC, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89... 
[+]

Entropy:

7.7891

Packer / compiler:

UPX 2.90LZMA]

Code size:

128 KB (131,072 bytes)

The file setup__189.exe has been seen being distributed by the following 2 URLs.

http://d1uc4fr8hoy8ts.cloudfront.net/bundles/.../setup__189.exe

http://d3d6wi7c7pa6m0.cloudfront.net/bundles/.../setup__189.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to www.soledownload.com (54.225.181.84:80)

TCP (HTTP):

Connects to www.activemonetizer.com (23.23.96.46:80)

http://www.activemonetizer.com/index.php?Net2=v2.0.50727&Net4=&OSversion=NT5.1SP3&Slv=&Sysid=B27986804&Sysid1=B27986804&X64=N&admin=Y&browser=IEXPLORE.EXE&chver=&exe=ikjut__7770693&offver=&lang_DfltUser=04

Remove setup__189.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.