SoftwareBundler:Win32/Stallmonitz
First posted on 08 October 2016.
Source: Microsoft
Aliases:
There are no other names known for SoftwareBundler:Win32/Stallmonitz.
Explanation:
Installation
This program is a software bundler that installs unwanted software on your PC at the same time as the software you are trying to install.
Example 1: Screenshot of a sample that can install the game GTA V.
The window on the left belongs to the original installer, GTA_V_PlayStore_v2.2[1].exe, while the window on the right belongs to the software bundler that was downloaded without your consent. We currently detect this bundler as SoftwareBundler:Win32/InstallMonetizer.
The highlighted section in the left window shows that it executed a file named InstallManager.exe from the temp folder. That file displays the window on the right.
Example 2: Screenshot of a sample that can install software named Outlook Password Decryptor.
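A detection sketch for the behaviour described above, added here as an example and not Microsoft's detection logic: it flags process-creation records in which InstallManager.exe runs from a temp folder. The event field names (modeled on Sysmon Event ID 1), the folder markers and the sample records are constructed assumptions.

```python
import ntpath

# Assumption: each event is a dict with Sysmon Event ID 1 style "Image" and
# "ParentImage" fields. Only the two file names below come from the page.
TARGET_NAME = "installmanager.exe"
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


def runs_from_temp(image_path):
    """True when the executable sits in, or below, a user or system temp folder."""
    # ntpath parses Windows paths on any OS; normpath collapses "..\" segments.
    folder = ntpath.dirname(ntpath.normpath(image_path)).lower() + "\\"
    return any(marker in folder for marker in TEMP_MARKERS)


def find_bundler_launches(events):
    """Return (parent, image) pairs where InstallManager.exe started from temp."""
    hits = []
    for ev in events:
        image = ev.get("Image", "")
        # Windows file names are case-insensitive, so compare lowercased.
        if ntpath.basename(image).lower() != TARGET_NAME:
            continue
        if runs_from_temp(image):
            hits.append((ev.get("ParentImage", "<unknown>"), image))
    return hits


# Constructed sample records (paths and user names are made up).
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Users\alice\Downloads\GTA_V_PlayStore_v2.2[1].exe",
     "Image": r"C:\Users\alice\AppData\Local\Temp\InstallManager.exe"},
    # Same file name outside temp: not flagged.
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Program Files\Vendor\InstallManager.exe"},
    # Different case, nested temp subfolder: flagged.
    {"ParentImage": r"C:\Users\bob\Downloads\setup.exe",
     "Image": r"C:\Users\bob\AppData\Local\Temp\is-A1B2C.tmp\INSTALLMANAGER.EXE"},
    # Other binary in temp: not flagged.
    {"ParentImage": r"C:\Users\bob\Downloads\setup.exe",
     "Image": r"C:\Users\bob\AppData\Local\Temp\setup.exe"},
]

if __name__ == "__main__":
    for parent, image in find_bundler_launches(SAMPLE_EVENTS):
        print(f"suspicious launch: {parent} -> {image}")
```

The file name alone is a weak signal, so treat a hit as a lead to correlate with the parent installer and with network activity rather than as a verdict.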
Payload
Connects to a remote host
We have seen this software bundler connect to a website to get the link from which it can download SoftwareBundler:Win32/InstallMonetizer.
See the list of some of the websites we have seen it connect to:
NOTE: The websites are no longer available as of this time.
Analysis by: James Patrick Dee
Last update 08 October 2016