» windows 8 activator loader 2013 v4.0 full version__4502_il800.exe
Overview
Analysis
File Details
Downloads (5)
Network (3)

windows 8 activator loader 2013 v4.0 full version__4502_il800.exe

Installer

The application windows 8 activator loader 2013 v4.0 full version__4502_il800.exe has been detected as a potentially unwanted program by 27 anti-malware scanners. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from www.formerdownload.com and multiple other hosts. While running, it connects to the Internet address server-52-84-174-121.gru50.r.cloudfront.net on port 80 using the HTTP protocol.

File name:

Product:

Installer

Version:

1.1.6.20

MD5:

84e5b8b179f75cb8cbd3f6dd75e41f34

SHA-1:

4be6182eb0babdb8ee73035bdb74aac7e5e996e2

SHA-256:

bbc3ea87d77898d097a18d4fbb9d50d52ee56b4563e6115381b071593207f76b

Scanner detections:

27 / 68

Status:

Potentially unwanted

Analysis date:

11/23/2024 7:33:46 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Application.Bundler.Amonetize.14

389

Agnitum Outpost

PUA.Amonetize

7.1.1

AhnLab V3 Security

PUP/Win32.Amonetiz

2015.07.11

Avira AntiVirus

ADWARE/Adware.Gen2

8.3.1.6

Arcabit

Trojan.Application.Bundler.Amonetize.14

1.0.0.425

avast!

Win32:Amonetize-E [PUP]

2014.9-160111

AVG

Generic_r

2017.0.2867

Baidu Antivirus

Adware.Win32.Amonetize

4.0.3.16111

Bitdefender

Gen:Variant.Application.Bundler.Amonetize.14

1.0.20.55

Comodo Security

ApplicUnwnt

22730

Dr.Web

Adware.Downware.2160

9.0.1.011

ESET NOD32

Win32/Amonetize.AG potentially unwanted (variant)

10.11924

Fortinet FortiGate

Riskware/Amonetize

1/11/2016

F-Secure

Gen:Variant.Application.Bundler

11.2016-11-01_2

G Data

Gen:Variant.Application.Bundler.Amonetize.14

16.1.25

K7 AntiVirus

Trojan

13.205.16532

Kaspersky

not-a-virus:HEUR:AdWare.Win32.Amonetize

14.0.0.830

Malwarebytes

PUP.Optional.Amonetize

v2016.01.11.10

McAfee

Artemis!84E5B8B179F7

5600.6523

MicroWorld eScan

Gen:Variant.Application.Bundler.Amonetize.14

17.0.0.33

NANO AntiVirus

Trojan.Win32.Downware.ctleff

0.30.24.2487

Panda Antivirus

Trj/Genetic.gen

16.01.11.10

Reason Heuristics

PUP.Amonetize (M)

16.1.11.22

Rising Antivirus

PE:Malware.Adware!6.1574

23.00.65.16109

Trend Micro

TROJ_GEN.R0C1C0OLC14

10.465.11

VIPRE Antivirus

Trojan.Win32.Generic

41910

Zillya! Antivirus

Backdoor.PePatch.Win32.39612

2.0.0.2282

File size:

326 KB (333,824 bytes)

Product version:

2.1.12

Original file name:

Installer.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\windows 8 activator loader 2013 v4.0 full version__4502_il800.exe

File PE Metadata

Compilation timestamp:

1/30/2014 8:29:53 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

6144:MY4KxJJMF/F9fo6+cFeBm452dCgeCjIilEb02r4IGY08ipT:MYTxJJu/F9fP+cFem44UilZ2ENYWpT

Entry address:

0x27684

Entry point:

E8, 9A, 95, 00, 00, E9, 89, FE, FF, FF, 57, 8B, C6, 83, E0, 0F, 85, C0, 0F, 85, C1, 00, 00, 00, 8B, D1, 83, E1, 7F, C1, EA, 07, 74, 65, EB, 06, 8D, 9B, 00, 00, 00, 00, 66, 0F, 6F, 06, 66, 0F, 6F, 4E, 10, 66, 0F, 6F, 56, 20, 66, 0F, 6F, 5E, 30, 66, 0F, 7F, 07, 66, 0F, 7F, 4F, 10, 66, 0F, 7F, 57, 20, 66, 0F, 7F, 5F, 30, 66, 0F, 6F, 66, 40, 66, 0F, 6F, 6E, 50, 66, 0F, 6F, 76, 60, 66, 0F, 6F, 7E, 70, 66, 0F, 7F, 67, 40, 66, 0F, 7F, 6F, 50, 66, 0F, 7F, 77, 60, 66, 0F, 7F, 7F, 70, 8D, B6, 80, 00, 00, 00, 8D, BF... 
[+]

Entropy:

6.4277

Code size:

231.5 KB (237,056 bytes)

The file windows 8 activator loader 2013 v4.0 full version__4502_il800.exe has been seen being distributed by the following 5 URLs.

http://www.formerdownload.com/download.php?version=1.1.6.20&prefix=StartIsBack 2.1.2 / StartIsBack 1.5.2 Full Crack&campid=3113&instid[appname]=StartIsBack 2.1.2 / StartIsBack 1.5.2 Full Crack&instid[thankyoupage]=&instid[appsetupurl]=&instid[interrupted]=&instid[appimageurl]=http://s3.amazonaws.com/.../downloadall.png

http://www.conductdownload.com/download.php?version=1.1.6.20&campid=4607&capp=FlashPlayer&prefix=install*flashplayer&ti1=OTQwfDE3MzR8TVh8M3wxfHw|f1083ef8b33baf993d96198897c89bb7

http://www.conductdownload.com/download.php?version=1.1.6.20&campid=4607&capp=FlashPlayer&prefix=install*flashplayer&ti1=OTQwfDE3MzR8QlJ8M3wxfHw|f1083ef8b33baf993d96198897c89bb7

http://www.averagedownload.com/download.php?version=1.1.6.20&campid=5064&instid[appname]=This File Now&instid[appsetupurl]=http://aingames.com/af-game-setup.exe&instid[cmdline]=ainfiles.com&instid[appimageurl]=http://aingames.com/images2.jpeg&prefix=ainfiles.com&instid[thankyoupage]=http://.../

http://www.conductdownload.com/download.php?version=1.1.6.20&campid=4411&capp=s7zip&prefix=GameSetup

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to server-52-84-174-121.gru50.r.cloudfront.net (52.84.174.121:80)

TCP (HTTP):

Connects to server-52-84-174-148.gru50.r.cloudfront.net (52.84.174.148:80)

TCP (HTTP):

Connects to ec2-107-20-147-93.compute-1.amazonaws.com (107.20.147.93:80)

Remove windows 8 activator loader 2013 v4.0 full version__4502_il800.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.