van wilder freshman year.2009.dvdrip.ur.xvid 1337x noir.avi.mp4__3039_i178044569_il7547462.exe

Installer

Shetef Solutions & Consulting (1998) Ltd.

This is the Amonetize download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application van wilder freshman year.2009.dvdrip.ur.xvid 1337x noir.avi.mp4__3039_i178044569_il7547462.exe by Shetef Solutions & Consulting (1998) has been detected as adware by 8 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The installer uses the InstallMonetizer platform which will donwload and install adware toolbars and other potentially unwanted software offers during setup.
Publisher:
Amônétízé Ltd  (signed by Shetef Solutions & Consulting (1998) Ltd.)

Product:
Installer

Version:
1.1.5.98

MD5:
65aa2de2f99287b3bc37a0a6e62eff8d

SHA-1:
de97672bd781b699e5d581d9f27771bb7f291736

SHA-256:
4d494738a00762549a7d953be103ec85e144408f5f1801ef8ee7bc662b71f4f5

Scanner detections:
8 / 68

Status:
Adware

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/23/2024 7:30:23 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
ADWARE/Adware.Gen2
7.11.119.158

Dr.Web
Adware.Downware.1575
9.0.1.0352

ESET NOD32
Win32/Amonetize (variant)
7.9171

Fortinet FortiGate
Riskware/Amonetize
12/18/2013

IKARUS anti.virus
not-a-virus:Downloader.Win32.Agent
t3scan.2.2.29

Malwarebytes
PUP.Optional.InstallMonetizer
v2013.12.18.06

Reason Heuristics
PUP.Installer.ShetefSolutionsConsulting1998.?
14.8.8.3

Trend Micro House Call
TROJ_GEN.F47V1205
7.2.352

File size:
149.1 KB (152,704 bytes)

Product version:
2.1.12

Copyright:
(c) Amônétízé Ltd, 2012,2013. All rights reserved.

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\downloads\van wilder freshman year.2009.dvdrip.ur.xvid 1337x noir.avi.mp4__3039_i178044569_il7547462.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
7/23/2013 8:00:00 AM

Valid to:
7/24/2014 7:59:59 AM

Subject:
CN=Shetef Solutions & Consulting (1998) Ltd., O=Shetef Solutions & Consulting (1998) Ltd., L=Rannana, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7C23DBB97FAFBB9D28D413F836202024

File PE Metadata
Compilation timestamp:
12/5/2013 11:26:01 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:m2D5Ylx2B9/ghGBvtW36/Sf+1LCfmaHa11VZnm83nkHP9BwvO:m2t8lGh836/Sf+1LymaHW1fm2kvzGO

Entry address:
0x59940

Entry point:
60, BE, 00, A0, 43, 00, 8D, BE, 00, 70, FC, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 
[+]

Entropy:
7.7868

Packer / compiler:
UPX 2.90LZMA]

Code size:
128 KB (131,072 bytes)

The file van wilder freshman year.2009.dvdrip.ur.xvid 1337x noir.avi.mp4__3039_i178044569_il7547462.exe has been seen being distributed by the following 50 URLs.

http://download.aminst.net/.../get.php?q=netcad 5.2 indir windows 7 32 bit crack&ti1=700000&ti2=0&ti3=2013-12-06T20:14:06.521820 00:00

Latest 30 of 76 download URLs

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)

TCP (HTTP):