the everything guitar scales book__3516_i1327512660_il2562170.exe

Ukra-2006 LLC

This is the Amonetize download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application the everything guitar scales book__3516_i1327512660_il2562170.exe by Ukra-2006 has been detected as adware by 12 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from download.bragdownload.com and multiple other hosts.
Publisher:
Ukra-2006 LLC  (signed and verified)

Version:
1.1.8.22

MD5:
2e30c0932daa0799ab876b3eb0963973

SHA-1:
5ce8e0acde3e65656283af859a99a3e3f2468394

SHA-256:
1ff46735e41c64b830ce42a9b9f9c7eb364463b666ee4c8f43a24764815af4c7

Scanner detections:
12 / 68

Status:
Adware

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
11/27/2024 2:50:42 AM UTC  (today)

Scan engine | Detection | Engine version
Agnitum Outpost | PUA.Amonetize | 7.1.1
AhnLab V3 Security | PUP/Win32.Amonetize | 2014.09.21
Avira AntiVirus | ADWARE/Adware.Gen | 7.11.173.132
AVG | Downloader.Generic14 | 2015.0.3342
Baidu Antivirus | Adware.Win32.Amonetize | 4.0.3.14923
Dr.Web | Adware.Downware.8564 | 9.0.1.0266
ESET NOD32 | Win32/Amonetize.BO (variant) | 8.10444
K7 AntiVirus | Unwanted-Program | 13.183.13432
Malwarebytes | PUP.Optional.Amonetize | v2014.09.23.08
NANO AntiVirus | Riskware.Win32.Amonetize.dffaha | 0.28.2.62151
Reason Heuristics | PUP.Installer.Ukra2006.AA | 14.9.23.20
Sophos | Amonetize | 4.98

File size:
404.7 KB (414,416 bytes)

Product version:
1.1.8.22

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Language:
English (United States)

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/30/2014 8:00:00 PM

Valid to:
7/1/2015 7:59:59 PM

Subject:
CN=Ukra-2006 LLC, O=Ukra-2006 LLC, L=Kharkiv, S=Harkivska obl, C=UA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2B3200D1AF3CAC4253C00F000EF4BAB9

File PE Metadata
Compilation timestamp:
9/10/2014 10:59:43 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:6a5Mqqub6lskGCEurlTA2xhDUyC8iGY66fQo1ER1SZd+Mmnw2z2h:jMqp6ikqgRpxhEuY66j6RApmw2z8

Entry address:
0x17610

Entry point:
E8, 8B, 84, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 3D, 94, AF, 3C, 00, 00, 75, 18, E8, A9, 7D, 00, 00, 6A, 1E, E8, F3, 7B, 00, 00, 68, FF, 00, 00, 00, E8, C3, F4, FF, FF, 59, 59, 8B, 45, 08, 85, C0, 75, 01, 40, 50, 6A, 00, FF, 35, 94, AF, 3C, 00, FF, 15, 60, 21, 3C, 00, 5D, C3, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 94, AF, 3C, 00, 00, 75, 18, E8, 5F, 7D, 00, 00, 6A, 1E, E8, A9, 7B, 00, 00, 68, FF, 00, 00, 00, E8, 79, F4, FF, FF, 59, 59, 85, DB, 74, 04, 8B, C3...
 

Entropy:
7.2772

Code size:
192.5 KB (197,120 bytes)

The file the everything guitar scales book__3516_i1327512660_il2562170.exe has been seen being distributed by the following 4 URLs.