variateur.pdf_10924_i6336424_il345.exe

Ukra-2006 LLC

This is the Amonetize download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application variateur.pdf_10924_i6336424_il345.exe by Ukra-2006 has been detected as adware by 15 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are selected based on the PC's geo-location at the time of install.
Publisher:
Ukra-2006 LLC  (signed and verified)

MD5:
a7ea6783241139ff18df4141464807dc

SHA-1:
c86fc754a74b9899d1f82bdc47acdc2fe4893959

SHA-256:
e0a424ffc56abd1fc3c3b546811535d3fcfa22856c2eba713b8566dce754fcd0

Scanner detections:
15 / 68

Status:
Adware

Explanation:
Injects advertisements into the web browser in the form of banner ads and popups.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open-source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/16/2024 8:39:39 AM UTC

Scan engine              Detection                                   Engine version
Avira AntiVirus          Adware/Amonetize.kpa                        7.11.198.252
AVG                      Generic                                     2016.0.3160
Baidu Antivirus          Adware.Win32.Amonetize                      4.0.3.15325
Clam AntiVirus           Win.Adware.Amonetize-511                    0.98/21511
Dr.Web                   Trojan.Amonetize.12                         9.0.1.084
G Data                   NSIS.Application.Crypted                    15.3.24
Kaspersky                not-a-virus:HEUR:AdWare.Win32.Amonetize     14.0.0.2294
McAfee                   Artemis!8F00B3F9F161                        5600.6816
Panda Antivirus          Generic Suspicious                          15.03.25.05
Qihoo 360 Security       Win32/Virus.Adware.b9e                      1.0.0.1015
Reason Heuristics        PUP.Bundler.Amonetize                       15.3.25.5
Rising Antivirus         PE:AdWare.Win32.Adpeak.c!1075356117         23.00.65.15323
Sophos                   Amonetize                                   4.98
Trend Micro House Call   Suspici.1CC0D1BF                            7.2.84
VIPRE Antivirus          Trojan.Win32.Generic                        36300

File size:
303.4 KB (310,696 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup (using Nullsoft Install System)

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
7/1/2014 1:00:00 AM

Valid to:
7/2/2015 12:59:59 AM

Subject:
CN=Ukra-2006 LLC, O=Ukra-2006 LLC, L=Kharkiv, S=Harkivska obl, C=UA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2B3200D1AF3CAC4253C00F000EF4BAB9

File PE Metadata
Compilation timestamp:
10/7/2014 5:40:26 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:eGC7W7BU5VMqKGqcUz9PbMqgSGfIPLWGJ4SAsJW3TlHWdlHRzcUvI5zG:Ua7g2qKGqP9DQUznJ4WYTlHwV

Entry address:
0x322E

Entry point:
81, EC, D8, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 34, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, 34, 81, 40, 00, 55, FF, 15, AC, 82, 40, 00, 6A, 09, A3, 78, 4F, 43, 00, E8, FD, 2E, 00, 00, A3, C4, 4E, 43, 00, 55, 8D, 44, 24, 38, 68, B4, 02, 00, 00, 50, 55, 68, D8, B1, 42, 00, FF, 15, 7C, 81, 40, 00, 68, C0, A2, 40, 00, 68, C0, 3E, 43, 00, E8, 68, 2B, 00, 00, FF, 15, 38, 81, 40, 00, BB, 00, F0, 43, 00, 50, 53, E8, 56, 2B, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
24.5 KB (25,088 bytes)

The file variateur.pdf_10924_i6336424_il345.exe has been seen being distributed by the following URL.

Remove variateur.pdf_10924_i6336424_il345.exe - Powered by Reason Core Security