toyota prius gps__3039_i125080976_il4360245.exe

Installer

Shetef Solutions & Consulting (1998) Ltd.

This is the Amonetize download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application toyota prius gps__3039_i125080976_il4360245.exe by Shetef Solutions & Consulting (1998) has been detected as adware by 7 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The installer uses the InstallMonetizer platform which will donwload and install adware toolbars and other potentially unwanted software offers during setup.
Publisher:
Amônétízé Ltd  (signed by Shetef Solutions & Consulting (1998) Ltd.)

Product:
Installer

Version:
1.1.5.98

MD5:
7d1f03e7d5f3f3ad42ec7bdceab6b85e

SHA-1:
a45f077122905e580cee2e2507c07407743c1e09

SHA-256:
5e8ab883dbc9826d648decb19495112e425424cf6cc9dd68f6fe3b5fd153ba9b

Scanner detections:
7 / 68

Status:
Adware

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/23/2024 4:21:38 AM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.Amonetiz
2013.11.12

Avira AntiVirus
ADWARE/Adware.Gen2
7.11.112.176

ESET NOD32
Win32/Amonetize (variant)
8.9031

Fortinet FortiGate
Riskware/Agent
1/30/2014

Kaspersky
not-a-virus:Downloader.Win32.Agent
14.0.0.4389

Malwarebytes
PUP.Optional.InstallMonetizer
v2014.01.30.05

Reason Heuristics
PUP.Installer.ShetefSolutionsConsulting1998.l
14.8.8.3

File size:
148.6 KB (152,192 bytes)

Product version:
2.1.12

Copyright:
(c) Amônétízé Ltd, 2012,2013. All rights reserved.

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\toyota prius gps__3039_i125080976_il4360245.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
7/23/2013 1:00:00 AM

Valid to:
7/24/2014 12:59:59 AM

Subject:
CN=Shetef Solutions & Consulting (1998) Ltd., O=Shetef Solutions & Consulting (1998) Ltd., L=Rannana, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7C23DBB97FAFBB9D28D413F836202024

File PE Metadata
Compilation timestamp:
11/8/2013 10:32:24 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:PiFegiYq08HaYEnmarAm+Mv3XVzOHfredZI8kYm4mLqJkzDZUIfpG6Lbw9b/z4Bb:PPiuHhEnmaBVISddkmmDSIfpGM8SC0

Entry address:
0x59850

Entry point:
60, BE, 00, A0, 43, 00, 8D, BE, 00, 70, FC, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 
[+]

Packer / compiler:
UPX 2.90LZMA]

Code size:
128 KB (131,072 bytes)

The file toyota prius gps__3039_i125080976_il4360245.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)

TCP (HTTP):