vgariov32__7934_il231672.exe

TOV

The application vgariov32__7934_il231672.exe by TOV has been detected as a potentially unwanted program by 8 anti-malware scanners. This is a setup program which is used to install the application. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from 837957.1freesoftwaredownload1.eu.
Publisher:
TOV   (signed and verified)

MD5:
febf2126eb58c19c642983bcf9074041

SHA-1:
853c52b08fadf843a9014b8691f033d6f2a5195c

SHA-256:
3e9d24b65272a7bdf84883f9412eda344692ca660bca836967c228b6066ccd04

Scanner detections:
8 / 68

Status:
Potentially unwanted

Analysis date:
12/22/2024 8:08:58 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Malware-gen
160215-2

AVG
Adware BundleApp.OON
2015.0.4530

Dr.Web
Trojan.Amonetize.11548
9.0.1.05190

ESET NOD32
Win32/Amonetize.LY potentially unwanted application
8.0.319.0

Kaspersky
not-a-virus:HEUR:AdWare.Win32.Amonetize
15.0.0.562

Microsoft Security Essentials
Threat.Undefined
1.213.6995.0

Norman
Gen:Application.Imonetize.2
17.02.2016 05:18:35

Reason Heuristics
Adware.Bundler (M)
16.2.24.3

File size:
856.7 KB (877,271 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\vgariov32__7934_il231672.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
11/6/2015 12:00:00 AM

Valid to:
11/5/2016 11:59:59 PM

Subject:
CN="TOV ""SOV AYTI SOFT""", OU=IT, O="TOV ""SOV AYTI SOFT""", STREET=house 35 princely street, L=Odesa, S=Odeska, PostalCode=65026, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
008CC2E155A9D2A5A202F06B2D10497D40

File PE Metadata
Compilation timestamp:
12/3/2015 10:22:27 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:NArdZbSSpD66gGe9XKadojgU0IUpFvRTb:NArdJKGeYa+jsXvRf

Entry address:
0x4AD3

Entry point:
E8, 5B, 31, 00, 00, E9, 24, FE, FF, FF, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, 6B, 00, 00, 00, C7, 06, F0, E3, 41, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, 00, 00, 00, 00, 9C, 83, 44, 24, 04, 0C, 9D, E9, 5F, 00, 00, 00, C7, 06, F0, E3, 41, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, A0, 00, 00, 00, C7, 06, D8, E3, 41, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 44, 00, 00, 00, C7, 06, D8, E3, 41, 00, 8B, C6, 5E, 5D...
 
[+]

Entropy:
7.6486

Code size:
112 KB (114,688 bytes)

The file vgariov32__7934_il231672.exe has been seen being distributed by the following URL.

Remove vgariov32__7934_il231672.exe - Powered by Reason Core Security