setup__9348_il154849.exe

ITL-GROUP LLC

This is the Amonetize download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may install them with minimal consent. The application setup__9348_il154849.exe by ITL-GROUP has been detected as adware by 20 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The setup program bundles adware offers through Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are selected according to the PC's geo-location at the time of install.
Publisher:
ITL-GROUP LLC  (signed and verified)

Version:
1.1.5.26

MD5:
487780cb90a64207671678ab36ef37ec

SHA-1:
c3075d4451d4d39da0a9a72e484f49bcaa864d9c

SHA-256:
ce26eba87f94b3e2e8ca251748ee88019e58faa180ca15c858b6b176c35d7a32

Scanner detections:
20 / 68

Status:
Adware

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
1/12/2025 10:05:40 AM UTC

Scan engine           | Detection                           | Engine version
Lavasoft Ad-Aware     | Gen:Variant.Graftor.166062          | 780
AhnLab V3 Security    | PUP/Win32.Amonetiz                  | 2014.12.09
Avira AntiVirus       | ADWARE/Adware.Gen4                  | 7.11.193.176
avast!                | Win32:Malware-gen                   | 2014.9-141208
AVG                   | Generic                             | 2015.0.3266
Bitdefender           | Gen:Variant.Graftor.166062          | 1.0.20.1750
Dr.Web                | Trojan.Amonetize.279                | 9.0.1.0342
ESET NOD32            | Win32/Amonetize.CH (variant)        | 8.10846
Fortinet FortiGate    | Riskware/Amonetize                  | 12/16/2014
F-Secure              | Gen:Variant.Graftor.166062          | 11.2014-16-12_3
G Data                | Gen:Variant.Graftor.166062          | 14.12.24
K7 AntiVirus          | Unwanted-Program                    | 13.186.14270
Kaspersky             | not-a-virus:AdWare.Win32.Amonetize  | 14.0.0.2826
McAfee                | Artemis!487780CB90A6                | 5600.6922
MicroWorld eScan      | Gen:Variant.Graftor.166062          | 15.0.0.1050
NANO AntiVirus        | Riskware.Win32.Amonetize.djsswg     | 0.28.6.63850
Reason Heuristics     | PUP.Installer.ITLGROUP.U            | 14.12.8.19
Sophos                | Generic PUA MD                      | 4.98
Trend Micro House Call| Suspicious_GEN.F47V1203             | 7.2.350
VIPRE Antivirus       | Trojan.Win32.Generic                | 35394

File size:
590.7 KB (604,904 bytes)

Product version:
1.1.5.26

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup__9348_il154849.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
10/20/2014 3:00:00 AM

Valid to:
10/21/2015 2:59:59 AM

Subject:
CN=ITL-GROUP LLC, O=ITL-GROUP LLC, L=Selyshche Doslidne, S=Selyshche Doslidne, C=UA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
080AA229F6377F023DF6C8F878AC3719

File PE Metadata
Compilation timestamp:
12/2/2014 12:34:18 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:V+QO2iSuC4JXQZRghZCx3ag0UmiFoYnDBFtC4jSFFFFFFFFPFFFFFFFFFFFnWfFf:VTO2L7EDjbUloiXFf

Entry address:
0xDA44

Entry point:
E8, 78, 78, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, 7C, FF, 38, 00, FF, 15, C4, 70, 38, 00, 85, C0, 75, 18, 56, E8, 8D, 2F, 00, 00, 8B, F0, FF, 15, 24, 70, 38, 00, 50, E8, 3D, 2F, 00, 00, 59, 89, 06, 5E, 5D, C3, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, B0, E2, FF, FF, C7, 06, 1C, 7C, 38, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, 1C, 7C, 38, 00, E9, F4, E2, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, 1C, 7C, 38, 00, E8, E1, E2, FF, FF...

Code size:
150.5 KB (154,112 bytes)

The file setup__9348_il154849.exe has been observed being distributed from the following URL.
