home

tenacious d and the pick of destiny full movie free__3039_i1225696410_il960884.exe

Ukra-2006 LLC

This is the Amonetize download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application tenacious d and the pick of destiny full movie free__3039_i1225696410_il960884.exe by Ukra-2006 has been detected as adware by 32 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:
Ukra-2006 LLC  (signed and verified)

Version:
1.1.8.22

MD5:
e1cc4ee6c71dae6ae8a065852bfd599c

SHA-1:
df5d1f354f72070099172756311a31705756e7fd

SHA-256:
3d7c93621899c511bbf6488dd8f311014625fdc865ea31de7bd7a0af03ce00ac

Scanner detections:
32 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/23/2024 11:21:05 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Bundler.Amonetize.18
530

Agnitum Outpost
PUA.Amonetize
7.1.1

AhnLab V3 Security
PUP/Win32.Amonetize
2015.08.16

Avira AntiVirus
ADWARE/Amonetize.kpa
8.3.1.6

Arcabit
Trojan.Application.Bundler.Amonetize.18
1.0.0.425

avast!
Win32:Amonetize-DI [PUP]
2014.9-150823

AVG
Generic_r
2016.0.3008

Baidu Antivirus
PUA.Win32.Amonetize
4.0.3.15823

Bitdefender
Gen:Variant.Application.Bundler.Amonetize.18
1.0.20.1175

Bkav FE
W32.HfsAdware
1.3.0.7062

Comodo Security
UnclassifiedMalware
23018

Dr.Web
Trojan.Amonetize.3782
9.0.1.0235

ESET NOD32
Win32/Amonetize.BN potentially unwanted (variant)
9.12100

Fortinet FortiGate
Riskware/Amonetize
8/23/2015

F-Prot
W32/S-484270a7
v6.4.7.1.166

F-Secure
Gen:Variant.Application.Bundler
11.2015-23-08_1

G Data
Gen:Variant.Application.Bundler.Amonetize.18
15.8.25

K7 AntiVirus
Trojan
13.2016902

Kaspersky
not-a-virus:AdWare.Win32.Amonetize
14.0.0.1536

McAfee
PUP-Amonetize
5600.6664

MicroWorld eScan
Gen:Variant.Application.Bundler.Amonetize.18
16.0.0.705

NANO AntiVirus
Riskware.Win32.Downware.degitz
0.30.24.3079

Panda Antivirus
Trj/Genetic.gen
15.08.23.06

Qihoo 360 Security
Win32/Application.c7d
1.0.0.1015

Quick Heal
Trojan.Neop.G5
8.15.14.00

Reason Heuristics
PUP.Amonetize.Ukra2006.Bundler (M)
15.8.23.18

Rising Antivirus
PE:Trojan.Win32.Generic.173E1509!389944585
23.00.65.15821

Sophos
Amonetize (PUA)
4.98

Total Defense
Win32/Tnega.VBTeCG
37.1.62.1

Vba32 AntiVirus
AdWare.Amonetize
3.12.26.4

VIPRE Antivirus
Trojan.Win32.Generic
42930

Zillya! Antivirus
Adware.Amonetize.Win32.883
2.0.0.2352

File size:
346.7 KB (355,024 bytes)

Product version:
1.1.8.22

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Language:
English (United States)

Common path:
C:\users\{user}\downloads\tenacious d and the pick of destiny full movie free__3039_i1225696410_il960884.exe

Digital Signature
Signed by:
Ukra-2006 LLC

Authority:
Thawte, Inc.

Valid from:
6/30/2014 7:00:00 PM

Valid to:
7/1/2015 6:59:59 PM

Subject:
CN=Ukra-2006 LLC, O=Ukra-2006 LLC, L=Kharkiv, S=Harkivska obl, C=UA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2B3200D1AF3CAC4253C00F000EF4BAB9

File PE Metadata
Compilation timestamp:
8/21/2014 2:06:30 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:Dq57Lfg8yZKdmvRMScO5SPd8rI4C17lktnk9jeWsyLJANebfmb:DuuZKdmBSF718nk9je9amb

Entry address:
0xB032

Entry point:
E8, 5F, 45, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 3C, 9D, 3B, 00, 00, 75, 18, E8, 54, 2D, 00, 00, 6A, 1E, E8, 9E, 2B, 00, 00, 68, FF, 00, 00, 00, E8, D6, F8, FF, FF, 59, 59, 85, DB, 74, 04, 8B, C3, EB, 03, 33, C0, 40, 50, 6A, 00, FF, 35, 3C, 9D, 3B, 00, FF, 15, 14, 31, 3B, 00, 8B, F8, 85, FF, 75, 26, 6A, 0C, 5E, 39, 05, 40, 9D, 3B, 00, 74, 0D, 53, E8, 1D, 15, 00, 00, 59, 85, C0, 75, A9, EB, 07, E8, 3A, 24, 00, 00, 89, 30, E8, 33, 24, 00, 00, 89...
 
[+]

Entropy:
7.5779

Code size:
70 KB (71,680 bytes)

The file tenacious d and the pick of destiny full movie free__3039_i1225696410_il960884.exe has been seen being distributed by the following 3 URLs.

http://download.thankdownload.com/.../get.php?q=Mica Mireasa Ep 557&ti1=945000&ti2=0&ti3=2014-08-26T19:04:02.632402 00:00

http://www-squid.cluster10.fb-hosting-apps.com/download.php?version=1.1.8.22&campid=3038&instid[appname]=hugo retro mania pc_Downloader&instid[appsetupurl]=http://go.venturedownload.com/getfast/download.cgi?9&ti1=1405000&ti2=2&ti3=DD1_2014-08-26T19:46:50.993139 00:00&instid[cmdline]=/S /PERFORMINSTALL /NORUN&instid[appimageurl]=http://download.venturedownload.com/d1/logo150x150.png&prefix=hugo retro mania pc&instid[thankyoupage]=http://download.venturedownload.com/.../thank_you.php?ti1=1405000&ti2=2&ti3=DD1_2014-08-26T19:46:50.993139 00:00&parameter=hugo retro mania pc&instid[interrupted]=http://download.venturedownload.com/.../interrupted.php?ti1=1405000&ti2=2&ti3=DD1_2014-08-26T19:46:50.993139 00:00&parameter=hugo retro mania pc&ti1=1405000&ti2=2&ti3=DD1_2014-08-26T19:46:50.993139 00:00

http://www-squid.cluster10.fb-hosting-apps.com/download.php?version=1.1.8.22&campid=3516&instid[appname]=imagini desktop_Downloader&instid[appsetupurl]=http://go.venturedownload.com/getfast/download.cgi?9&ti1=1460000&ti2=0&ti3=DD1_2014-08-26T18:03:20.574883 00:00&instid[cmdline]=/S /PERFORMINSTALL /NORUN&instid[appimageurl]=http://download.venturedownload.com/d1/logo150x150.png&prefix=imagini desktop&instid[thankyoupage]=http://download.venturedownload.com/.../thank_you.php?ti1=1460000&ti2=0&ti3=DD1_2014-08-26T18:03:20.574883 00:00&parameter=imagini desktop&instid[interrupted]=http://download.venturedownload.com/.../interrupted.php?ti1=1460000&ti2=0&ti3=DD1_2014-08-26T18:03:20.574883 00:00&parameter=imagini desktop&ti1=1460000&ti2=0&ti3=DD1_2014-08-26T18:03:20.574883 00:00

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.