home

windows 7 loader 2.2 by daz__6666_i943142809_il86573.exe

The application windows 7 loader 2.2 by daz__6666_i943142809_il86573.exe has been detected as a potentially unwanted program by 14 anti-malware scanners. This is a setup program which is used to install the application. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from stream.get-tune.net and multiple other hosts.
Version:
1.1.5.26

MD5:
825ea9144784c29f20849282ec9b7ae3

SHA-1:
1dfe8144a1603ee1ee4fe15806d9982c4af91ed3

SHA-256:
2a4e7e3861e7196a74fd46ecbd9830d7ed4f8a031db8f62596db9dcaf6784177

Scanner detections:
14 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 6:59:58 AM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.Amonetiz
2014.06.25

Avira AntiVirus
ADWARE/Adware.Gen2
7.11.156.158

avast!
Win32:Amonetize-BX [PUP]
2014.9-140717

AVG
BundleApp_r.R
2015.0.3411

Baidu Antivirus
Adware.Win32.Amonetize
4.0.3.14717

ESET NOD32
Win32/Amonetize.AW (variant)
8.9993

Kaspersky
not-a-virus:HEUR:AdWare.Win32.Amonetize
14.0.0.3549

Malwarebytes
PUP.Optional.Amonetize
v2014.07.17.03

McAfee
PUP-FBM
5600.7067

Reason Heuristics
Threat.Win.Reputation.IMP
14.7.17.3

Rising Antivirus
PE:Malware.Adware!6.198D
23.00.65.14715

Sophos
Amonetize
4.98

Trend Micro House Call
TROJ_GEN.R047H06FO14
7.2.198

VIPRE Antivirus
Amonetize
30616

File size:
333 KB (340,992 bytes)

Product version:
1.1.5.26

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\windows 7 loader 2.2 by daz__6666_i943142809_il86573.exe

File PE Metadata
Compilation timestamp:
6/24/2014 4:03:14 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:O8YdJWfoeZ0w00fl2czrBUgRt+LKejAGR9hUsKqgzoYNKZZCR9wRN:O8Yd4p0wtfl2czVUgpOhTKqFxIGR

Entry address:
0x28774

Entry point:
E8, 34, A0, 00, 00, E9, 89, FE, FF, FF, CC, CC, 53, 56, 8B, 44, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 14, 8B, 44, 24, 10, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 0C, F7, F1, 8B, D3, EB, 41, 8B, C8, 8B, 5C, 24, 14, 8B, 54, 24, 10, 8B, 44, 24, 0C, D1, E9, D1, DB, D1, EA, D1, D8, 0B, C9, 75, F4, F7, F3, 8B, F0, F7, 64, 24, 18, 8B, C8, 8B, 44, 24, 14, F7, E6, 03, D1, 72, 0E, 3B, 54, 24, 10, 77, 08, 72, 07, 3B, 44, 24, 0C, 76, 01, 4E, 33, D2, 8B, C6, 5E, 5B, C2, 10, 00, 57, 8B, C6, 83, E0, 0F, 85, C0, 0F, 85, C1, 00...
 
[+]

Code size:
238 KB (243,712 bytes)

The file windows 7 loader 2.2 by daz__6666_i943142809_il86573.exe has been seen being distributed by the following 3 URLs.

http://stream.get-tune.net/file/107756896/28090798/86884423/.../Drake_feat._Kanye_West_Lil_Wayne_amp_Eminem_-_Drake_feat._Kanye_West_Lil_Wayne_amp_Eminem_-_Mo_(get-tune.net).mp3

http://www.justifiabledownload.com/download.php?version=1.1.5.26&campid=6629&instid[appname]=DamnVid&instid[appsetupurl]=http://download.freesoftindex.com/software/DamnVid_Setup.exe&instid[cmdline]=/S&instid[appimageurl]=http://download.freesoftindex.com/img/150x150/damnvid.png&prefix=DamnVid&instid[thankyoupage]=http://.../finish.php&ti1=5187-0-damnvid

http://videorush.net/download_player.php?a=51870

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.