youtube downloader 4.8.4__8734_il1879329.exe

KOMPANIYA КRЕАТА LLC

This is the Amonetize download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application youtube downloader 4.8.4__8734_il1879329.exe by KOMPANIYA КRЕАТА has been detected as adware by 35 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from www.more-manger-files.com and multiple other hosts.
Publisher:
KOMPANIYA КRЕАТА LLC  (signed and verified)

Version:
1.1.6.20

MD5:
4198c707d14d3f836a93b256de45764b

SHA-1:
0773abdecea75b15d092e80d2fbb2fb1384347b4

SHA-256:
dad8f91cebacfb628a85e63896c654f084e669550e91c1a46a70c045d879c24b

Scanner detections:
35 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/24/2024 5:27:36 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Bundler.Amonetize.18
505

Agnitum Outpost
PUA.Amonetize
7.1.1

AhnLab V3 Security
PUP/Win32.Amonetize
2015.08.16

Avira AntiVirus
ADWARE/Adware.Gen
8.3.1.6

Arcabit
Trojan.Application.Bundler.Amonetize.18
1.0.0.425

avast!
Win32:Amonetize-HI [PUP]
2014.9-150917

AVG
Downloader.Generic14
2016.0.2983

Baidu Antivirus
Adware.Win32.Amonetize
4.0.3.15917

Bitdefender
Gen:Variant.Application.Bundler.Amonetize.18
1.0.20.1300

Bkav FE
W32.HfsAdware
1.3.0.7062

Comodo Security
ApplicUnwnt
23015

Dr.Web
Adware.Downware.8564
9.0.1.0260

ESET NOD32
Win32/Amonetize.BR potentially unwanted (variant)
9.12100

Fortinet FortiGate
Riskware/Amonetize
9/17/2015

F-Prot
W32/A-2cc77b1b
v6.4.7.1.166

F-Secure
Gen:Variant.Application.Bundler
11.2015-17-09_5

G Data
Gen:Variant.Application.Bundler.Amonetize.18
15.9.25

IKARUS anti.virus
AdWare.Amonetize
t3scan.1.9.5.0

K7 AntiVirus
Unwanted-Program
13.2016900

Kaspersky
not-a-virus:AdWare.Win32.Amonetize
14.0.0.1411

McAfee
RDN/Generic PUP.x!cn3
5600.6639

MicroWorld eScan
Gen:Variant.Application.Bundler.Amonetize.18
16.0.0.780

NANO AntiVirus
Riskware.Win32.Amonetize.dffaha
0.30.24.3079

nProtect
Trojan-Clicker/W32.Amonetize.414432
15.08.13.01

Panda Antivirus
Trj/CI.A
15.09.17.06

Quick Heal
Trojan.Neop.G5
9.15.14.00

Reason Heuristics
PUP.Amonetize.Bundler
15.9.17.18

Rising Antivirus
PE:Trojan.Win32.Generic.176CD4BC!393008316
23.00.65.15915

Sophos
Amonetize (PUA)
4.98

Total Defense
Win32/Tnega.ScZIOZB
37.1.62.1

Trend Micro House Call
TROJ_SPNR.3AJC14
7.2.260

Trend Micro
TROJ_SPNR.3AJC14
10.465.17

Vba32 AntiVirus
AdWare.Amonetize
3.12.26.4

VIPRE Antivirus
Amonetize
42916

Zillya! Antivirus
Adware.Amonetize.Win32.1260
2.0.0.2352

File size:
404.7 KB (414,432 bytes)

Product version:
1.1.6.20

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\downloads\youtube downloader 4.8.4__8734_il1879329.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
6/16/2014 7:00:00 AM

Valid to:
6/17/2015 6:59:59 AM

Subject:
CN=KOMPANIYA КRЕАТА LLC, O=KOMPANIYA КRЕАТА LLC, L=Kharkiv, S=Kharkiv, C=UA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
04CA5D77531C0E61E4DE2CB0E6E4B5B2

File PE Metadata
Compilation timestamp:
9/10/2014 9:59:43 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:ra5Mqqub6lskGCEurlTA2xhDUynyfIIi+h3jkkVJMy82skyIZjzttmz22n:KMqp6ikqgRpxh5FrA3jkkrsu3ttmzFn

Entry address:
0x17610

Entry point:
E8, 8B, 84, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 3D, 94, AF, 3C, 00, 00, 75, 18, E8, A9, 7D, 00, 00, 6A, 1E, E8, F3, 7B, 00, 00, 68, FF, 00, 00, 00, E8, C3, F4, FF, FF, 59, 59, 8B, 45, 08, 85, C0, 75, 01, 40, 50, 6A, 00, FF, 35, 94, AF, 3C, 00, FF, 15, 60, 21, 3C, 00, 5D, C3, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 94, AF, 3C, 00, 00, 75, 18, E8, 5F, 7D, 00, 00, 6A, 1E, E8, A9, 7B, 00, 00, 68, FF, 00, 00, 00, E8, 79, F4, FF, FF, 59, 59, 85, DB, 74, 04, 8B, C3...
 
[+]

Entropy:
7.2772

Code size:
192.5 KB (197,120 bytes)

The file youtube downloader 4.8.4__8734_il1879329.exe has been seen being distributed by the following 3 URLs.

http://www.more-manger-files.com/allddT.html?myref=www.downloadthesefiles.net&version=1.1.6.20&prefix=TheWalkingDeadSeasonTwoEpisode5PCDownloadGamefree&campid=4508&instid[appname]=TheWalkingDeadSeasonTwoEpisode5PCDownloadGamefree&instid[thankyoupage]=&instid[appsetupurl]=&instid[interrupted]=&instid[appimageurl]=http://s3.amazonaws.com/.../downloadall.png&AMt=1411229960400&AMh=7fn2b4gxIWmb09igS84d2Ie2zMXUjQgM3KAUfCzDKPbVydo5QZMSwcespsmVBC1AtdCH3iBb48loOaw3

Remove youtube downloader 4.8.4__8734_il1879329.exe - Powered by Reason Core Security