slivelight__8497_i1447394643_il82.exe

The application slivelight__8497_i1447394643_il82.exe has been detected as a potentially unwanted program by 28 anti-malware scanners. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are based on the PC's geo-location at the time of install. The file has been seen being downloaded from hqhub.net and multiple other hosts.

Version:
1.1.5.26

MD5:
f8808f78a592e4b1420b76e0f8426532

SHA-1:
ec6698d156c38dc42a14e0ab1d3765e5095eacdc

SHA-256:
1d628d9b98fec653cc81186853893af5d1dd6f65dd7b6f258cc63641268a154f

Scanner detections:
28 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 11:56:17 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKD.2081079 | 566 |
| Agnitum Outpost | PUA.Amonetize | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Amonetiz | 2015.02.20 |
| Avira AntiVirus | ADWARE/Adware.Gen4 | 7.11.211.104 |
| avast! | Win32:Amonetize-HQ [PUP] | 2014.9-150719 |
| AVG | PSW.Agent | 2016.0.3044 |
| Baidu Antivirus | PUA.Win32.Amonetize | 4.0.3.15719 |
| Bitdefender | Trojan.GenericKD.2081079 | 1.0.20.1000 |
| Dr.Web | Trojan.Adfltnet.71 | 9.0.1.0200 |
| Emsisoft Anti-Malware | Trojan.GenericKD.2081079 | 8.15.07.19.08 |
| ESET NOD32 | Win32/Amonetize.DE potentially unwanted (variant) | 9.11202 |
| Fortinet FortiGate | Riskware/Amonetize | 7/19/2015 |
| F-Secure | Trojan.GenericKD.2081079 | 11.2015-19-07_1 |
| G Data | Trojan.GenericKD.2081079 | 15.7.25 |
| K7 AntiVirus | Trojan | 13.197.15023 |
| Kaspersky | not-a-virus:AdWare.Win32.Amonetize | 14.0.0.1713 |
| Malwarebytes | PUP.Optional.Bundle | v2015.07.19.08 |
| McAfee | Artemis!F8808F78A592 | 5600.6700 |
| MicroWorld eScan | Trojan.GenericKD.2081079 | 16.0.0.600 |
| NANO AntiVirus | Trojan.Win32.Adfltnet.dlwosi | 0.30.0.126 |
| nProtect | Trojan.GenericKD.2081079 | 15.02.17.01 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.7.19.8 |
| Sophos | Generic PUA OM | 4.98 |
| Trend Micro House Call | TROJ_GEN.F0C2C00AQ15 | 7.2.200 |
| Trend Micro | TROJ_GEN.F0C2C00AQ15 | 10.465.19 |
| Vba32 AntiVirus | AdWare.Amonetize | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 37706 |
| Zillya! Antivirus | Adware.Amonetize.Win32.1999 | 2.0.0.2073 |

File size:
458.5 KB (469,504 bytes)

Product version:
1.1.5.26

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\windows vxm\program\slivelight__8497_i1447394643_il82.exe

File PE Metadata
Compilation timestamp:
1/8/2015 5:20:44 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:J71WZz0IB+kIFKWlpYJhFAUmtJfDI+5UyFdF:JJWB0e+kIFKWkJhi/JfDI+nF

Entry address:
0x11FB8

Entry point:
E8, 9B, 4B, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 3D, 04, 2F, 3B, 00, 00, 75, 18, E8, 79, 35, 00, 00, 6A, 1E, E8, C3, 33, 00, 00, 68, FF, 00, 00, 00, E8, F0, F8, FF, FF, 59, 59, 8B, 45, 08, 85, C0, 75, 01, 40, 50, 6A, 00, FF, 35, 04, 2F, 3B, 00, FF, 15, C8, B0, 3A, 00, 5D, C3, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 04, 2F, 3B, 00, 00, 75, 18, E8, 2F, 35, 00, 00, 6A, 1E, E8, 79, 33, 00, 00, 68, FF, 00, 00, 00, E8, A6, F8, FF, FF, 59, 59, 85, DB, 74, 04, 8B, C3...

Entropy:
7.4468

Code size:
165 KB (168,960 bytes)

The file slivelight__8497_i1447394643_il82.exe has been seen being distributed by the following 4 URLs.

http://hqhub.net/download_player.php?a=131340&f=1

http://free-versions.pl/lp10/installer.php?aff=100&subaff=423&exename=FL_VideoPlugin.exe&title=FL Video Plugin&description=FL Video Plugin&downloadurl=http://.../VLX_Player.exe&tid=
