youtube downloader 4.8.4__8734_il1879329.exe

KOMPANIYA КRЕАТА LLC

This is the Amonetize download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application youtube downloader 4.8.4__8734_il1879329.exe by KOMPANIYA КRЕАТА has been detected as adware by 35 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from www.more-manger-files.com and multiple other hosts.

Publisher:
KOMPANIYA КRЕАТА LLC  (signed and verified)

Version:
1.1.6.20

MD5:
4198c707d14d3f836a93b256de45764b

SHA-1:
0773abdecea75b15d092e80d2fbb2fb1384347b4

SHA-256:
dad8f91cebacfb628a85e63896c654f084e669550e91c1a46a70c045d879c24b

Scanner detections:
35 / 68

Status:
Adware

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
11/4/2024 5:03:22 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.Amonetize.18 | 505 |
| Agnitum Outpost | PUA.Amonetize | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Amonetize | 2015.08.16 |
| Avira AntiVirus | ADWARE/Adware.Gen | 8.3.1.6 |
| Arcabit | Trojan.Application.Bundler.Amonetize.18 | 1.0.0.425 |
| avast! | Win32:Amonetize-HI [PUP] | 2014.9-150917 |
| AVG | Downloader.Generic14 | 2016.0.2983 |
| Baidu Antivirus | Adware.Win32.Amonetize | 4.0.3.15917 |
| Bitdefender | Gen:Variant.Application.Bundler.Amonetize.18 | 1.0.20.1300 |
| Bkav FE | W32.HfsAdware | 1.3.0.7062 |
| Comodo Security | ApplicUnwnt | 23015 |
| Dr.Web | Adware.Downware.8564 | 9.0.1.0260 |
| ESET NOD32 | Win32/Amonetize.BR potentially unwanted (variant) | 9.12100 |
| Fortinet FortiGate | Riskware/Amonetize | 9/17/2015 |
| F-Prot | W32/A-2cc77b1b | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Application.Bundler | 11.2015-17-09_5 |
| G Data | Gen:Variant.Application.Bundler.Amonetize.18 | 15.9.25 |
| IKARUS anti.virus | AdWare.Amonetize | t3scan.1.9.5.0 |
| K7 AntiVirus | Unwanted-Program | 13.2016900 |
| Kaspersky | not-a-virus:AdWare.Win32.Amonetize | 14.0.0.1411 |
| McAfee | RDN/Generic PUP.x!cn3 | 5600.6639 |
| MicroWorld eScan | Gen:Variant.Application.Bundler.Amonetize.18 | 16.0.0.780 |
| NANO AntiVirus | Riskware.Win32.Amonetize.dffaha | 0.30.24.3079 |
| nProtect | Trojan-Clicker/W32.Amonetize.414432 | 15.08.13.01 |
| Panda Antivirus | Trj/CI.A | 15.09.17.06 |
| Quick Heal | Trojan.Neop.G5 | 9.15.14.00 |
| Reason Heuristics | PUP.Amonetize.Bundler | 15.9.17.18 |
| Rising Antivirus | PE:Trojan.Win32.Generic.176CD4BC!393008316 | 23.00.65.15915 |
| Sophos | Amonetize (PUA) | 4.98 |
| Total Defense | Win32/Tnega.ScZIOZB | 37.1.62.1 |
| Trend Micro House Call | TROJ_SPNR.3AJC14 | 7.2.260 |
| Trend Micro | TROJ_SPNR.3AJC14 | 10.465.17 |
| Vba32 AntiVirus | AdWare.Amonetize | 3.12.26.4 |
| VIPRE Antivirus | Amonetize | 42916 |
| Zillya! Antivirus | Adware.Amonetize.Win32.1260 | 2.0.0.2352 |

File size:
404.7 KB (414,432 bytes)

Product version:
1.1.6.20

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Language:
English (United States)

Common path:
C:\users\{user}\downloads\youtube downloader 4.8.4__8734_il1879329.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
6/16/2014 7:00:00 AM

Valid to:
6/17/2015 6:59:59 AM

Subject:
CN=KOMPANIYA КRЕАТА LLC, O=KOMPANIYA КRЕАТА LLC, L=Kharkiv, S=Kharkiv, C=UA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
04CA5D77531C0E61E4DE2CB0E6E4B5B2

File PE Metadata
Compilation timestamp:
9/10/2014 9:59:43 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:ra5Mqqub6lskGCEurlTA2xhDUynyfIIi+h3jkkVJMy82skyIZjzttmz22n:KMqp6ikqgRpxh5FrA3jkkrsu3ttmzFn

Entry address:
0x17610

Entry point:
E8, 8B, 84, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 3D, 94, AF, 3C, 00, 00, 75, 18, E8, A9, 7D, 00, 00, 6A, 1E, E8, F3, 7B, 00, 00, 68, FF, 00, 00, 00, E8, C3, F4, FF, FF, 59, 59, 8B, 45, 08, 85, C0, 75, 01, 40, 50, 6A, 00, FF, 35, 94, AF, 3C, 00, FF, 15, 60, 21, 3C, 00, 5D, C3, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 94, AF, 3C, 00, 00, 75, 18, E8, 5F, 7D, 00, 00, 6A, 1E, E8, A9, 7B, 00, 00, 68, FF, 00, 00, 00, E8, 79, F4, FF, FF, 59, 59, 85, DB, 74, 04, 8B, C3...

Entropy:
7.2772

Code size:
192.5 KB (197,120 bytes)

The file youtube downloader 4.8.4__8734_il1879329.exe has been seen being distributed by the following 3 URLs.

http://www.more-manger-files.com/allddT.html?myref=www.downloadthesefiles.net&version=1.1.6.20&prefix=TheWalkingDeadSeasonTwoEpisode5PCDownloadGamefree&campid=4508&instid[appname]=TheWalkingDeadSeasonTwoEpisode5PCDownloadGamefree&instid[thankyoupage]=&instid[appsetupurl]=&instid[interrupted]=&instid[appimageurl]=http://s3.amazonaws.com/.../downloadall.png&AMt=1411229960400&AMh=7fn2b4gxIWmb09igS84d2Ie2zMXUjQgM3KAUfCzDKPbVydo5QZMSwcespsmVBC1AtdCH3iBb48loOaw3
