home

sprawdzianyjpg__7934_il12940.exe

TOV

The application sprawdzianyjpg__7934_il12940.exe by TOV has been detected as a potentially unwanted program by 8 anti-malware scanners. This is a setup program which is used to install the application. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from 766340.1freesoftwareonline1.com.
Publisher:
TOV   (signed and verified)

Version:
1.1.5.90

MD5:
7637396aaee8c7a6998661d9ccd350ea

SHA-1:
2c7ae17f81efc6f30d7af46f3e70a9a3a2bf27fb

SHA-256:
ccc10b9d41862017cec6854115a4e35afb4305dfba16568bc398a662d5132b3a

Scanner detections:
8 / 68

Status:
Potentially unwanted

Analysis date:
12/22/2024 10:19:18 PM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Trojan.Amonetize.11110
9.0.1.05190

Emsisoft Anti-Malware
Gen:Application.Imonetize
11.5.0.6191

ESET NOD32
Win32/Amonetize.NM potentially unwanted application
7.0.302.0

F-Secure
Application.Imonetize.2
5.15.96

Microsoft Security Essentials
Threat.Undefined
1.223.1093.0

Norman
Gen:Application.Imonetize.2
28.05.2016 15:32:18

Reason Heuristics
Adware.Amonetize.ET (M)
16.6.10.4

VIPRE Antivirus
Threat.4150696
49494

File size:
1.1 MB (1,122,052 bytes)

Product version:
1.1.5.90

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\documents and settings\właściciel\moje dokumenty\downloads\sprawdzianyjpg__7934_il12940.exe

Digital Signature
Signed by:
TOV

Authority:
COMODO CA Limited

Valid from:
9/20/2015 12:00:00 AM

Valid to:
9/19/2016 11:59:59 PM

Subject:
CN="TOV ""SOFT LIGHT""", OU=IT, O="TOV ""SOFT LIGHT""", STREET="03127, m.Kiїv, AVENUE 40 RІCHCHYA Zhovtnya, Budinok 122, Building 1, Apartment 73", L=Kiev, S=Kiev, PostalCode=03127, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00FF3AA7B5600E09FB8898AB099F8A70D9

File PE Metadata
Compilation timestamp:
11/24/2015 4:17:56 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:zadt+0wFbbqtoWvpxwBLFI5eI0H8kDS9rhP0W:z0MFbbsElFI8I0lSVh8W

Entry address:
0x1CD1

Entry point:
E8, C9, 1A, 00, 00, E9, 5A, FE, FF, FF, 55, 8B, EC, FF, 35, 08, 54, 41, 00, FF, 15, 98, D0, 40, 00, 85, C0, 74, 0F, FF, 75, 08, FF, D0, 59, 85, C0, 74, 05, 33, C0, 40, 5D, C3, 33, C0, 5D, C3, 55, 8B, EC, 8B, 45, 08, A3, 08, 54, 41, 00, 5D, C3, 55, 8B, EC, 51, 51, 59, 8D, 45, FC, 50, 68, F4, D1, 40, 00, 6A, 00, FF, 15, B4, D0, 40, 00, 85, C0, 74, 17, 68, 0C, D2, 40, 00, FF, 75, FC, FF, 15, 64, D0, 40, 00, 85, C0, 74, 05, FF, 75, 08, FF, D0, C9, C3, 55, 8B, EC, FF, 75, 08, E8, C1, FF, FF, FF, 59, FF, 75, 08...
 
[+]

Code size:
45.5 KB (46,592 bytes)

The file sprawdzianyjpg__7934_il12940.exe has been seen being distributed by the following URL.

http://766340.1freesoftwareonline1.com/download.php?id=thequeash&title=SprawdzianyJPG

Remove sprawdzianyjpg__7934_il12940.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.