SilentInstaller_dotnet2.exe

sol2405

The application SilentInstaller_dotnet2.exe has been detected as a potentially unwanted program by 18 anti-malware scanners. It is a setup program used to install the application. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are based on the PC's geo-location at the time of install. The file has been seen being downloaded from dw59o80yvpenp.cloudfront.net.
Product:
sol2405

Version:
2.4.0.5

MD5:
bd9d5c9d0fd3ea5152fcc93442027f98

SHA-1:
d013ca8b278d7d450990ee964690168d250d25cc

SHA-256:
1ac39412b979650a901cbeb951a3494dfc22fdef62ea659b30e7ffa86f3692f8

Scanner detections:
18 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
11/25/2024 12:55:23 AM UTC

Scan engine             Detection                         Engine version
Lavasoft Ad-Aware       Gen:Variant.Razy.18672            255
AhnLab V3 Security      PUP/Win32.OfferInstaller          2016.05.24
Avira AntiVirus         TR/Dropper.MSIL.Gen               8.3.3.4
Arcabit                 Trojan.Razy.D48F0                 1.0.0.688
avast!                  Win32:Evo-gen [Susp]              2014.9-160524
Bitdefender             Gen:Variant.Razy.18672            1.0.20.725
Dr.Web                  Trojan.Crossrider1.58013          9.0.1.0145
Emsisoft Anti-Malware   Gen:Variant.Razy.18672            8.16.05.24.12
ESET NOD32              MSIL/Adware.Imali (variant)       10.13536
F-Secure                Gen:Variant.Razy.18672            11.2016-24-05_3
G Data                  Gen:Variant.Razy.18672            16.5.25
IKARUS anti.virus       AdWare.MSIL.Imali                 t3scan.2.0.9.0
K7 AntiVirus            Adware                            13.226.19689
Malwarebytes            PUP.Optional.Amonetize            v2016.05.24.12
MicroWorld eScan        Gen:Variant.Razy.18672            17.0.0.435
NANO AntiVirus          Trojan.Win32.Crossrider1.ebryyj   1.0.30.8482
Qihoo 360 Security      HEUR/QVM03.0.0000.Malware.Gen     1.0.0.1120
Vba32 AntiVirus         TScope.Trojan.MSIL                3.12.26.4

File size:
313.5 KB (321,024 bytes)

Product version:
2.4.0.5

Copyright:
Copyright © 2016

Original file name:
SilentInstaller_dotnet2.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\silentinstaller_dotnet2.exe

File PE Metadata
Compilation timestamp:
5/24/2016 9:48:33 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:vlnFZT8qbTR7SquD4L8vioH/X8i9DLnHWcefjVo8bS5Vbgb2L:NFZwgVxGq86oH/MKvnolgbcg

Entry address:
0x4F22E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
309 KB (316,416 bytes)

The file SilentInstaller_dotnet2.exe has been seen being distributed by the following URL.
