windows 8 permanent activator k.j v5.11.2012.all version free download__3158_il5811144.exe

Installer

The application windows 8 permanent activator k.j v5.11.2012.all version free download__3158_il5811144.exe has been detected as a potentially unwanted program by 5 anti-malware scanners. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are based on the PC's geo-location at the time of install. The file has been seen being downloaded from getmdownloader.com and multiple other hosts. While running, it connects to the Internet address www.ibbalance.com on port 443.
Product:
Installer

Version:
1.1.6.20

MD5:
8561adae11bee7161de42753c64f567e

SHA-1:
c244fcc7bc6b6040607a2a833513e0b4369cc691

SHA-256:
93612008a866b1db8102efed666da35afbd195f690e97e20494fde25c9078c39

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 9:42:40 PM UTC

Scan engine | Detection | Engine version
avast! | Win32:Malware-gen | 2014.9-131224
Baidu Antivirus | Trojan.Win32.Amonetize | 4.0.3.131224
ESET NOD32 | Win32/Amonetize.AA (variant) | 7.9190
Malwarebytes | PUP.Optional.Monetizer | v2013.12.24.06
Trend Micro House Call | TROJ_GEN.F47V1224 | 7.2.20

File size:
323.5 KB (331,264 bytes)

Product version:
2.1.12

Copyright:
(c) 2012,2013. All rights reserved.

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\windows 8 permanent activator k.j v5.11.2012.all version free download__3158_il5811144.exe

File PE Metadata
Compilation timestamp:
12/24/2013 1:09:10 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:h+yzM61nU/0TUyir3SAfPaQBmuIqOaeT5icawnw1NldfbdfOsxlpX:h+IM6ZUMTG3DfP/mujIahDldf5p

Entry address:
0x26C13

Entry point:
E8, 74, 96, 00, 00, E9, 89, FE, FF, FF, 57, 8B, C6, 83, E0, 0F, 85, C0, 0F, 85, C1, 00, 00, 00, 8B, D1, 83, E1, 7F, C1, EA, 07, 74, 65, EB, 06, 8D, 9B, 00, 00, 00, 00, 66, 0F, 6F, 06, 66, 0F, 6F, 4E, 10, 66, 0F, 6F, 56, 20, 66, 0F, 6F, 5E, 30, 66, 0F, 7F, 07, 66, 0F, 7F, 4F, 10, 66, 0F, 7F, 57, 20, 66, 0F, 7F, 5F, 30, 66, 0F, 6F, 66, 40, 66, 0F, 6F, 6E, 50, 66, 0F, 6F, 76, 60, 66, 0F, 6F, 7E, 70, 66, 0F, 7F, 67, 40, 66, 0F, 7F, 6F, 50, 66, 0F, 7F, 77, 60, 66, 0F, 7F, 7F, 70, 8D, B6, 80, 00, 00, 00, 8D, BF...
Entropy:
6.4251

Code size:
229 KB (234,496 bytes)

The file windows 8 permanent activator k.j v5.11.2012.all version free download__3158_il5811144.exe has been seen being distributed by the following 2 URLs.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)

TCP (HTTP):