» برامج_تصميم_مطابخ_308040_downloader.exe
Overview
Analysis
File Details
Downloads (4)

برامج_تصميم_مطابخ_308040_downloader.exe

YourFileDownloader Installer

http://yourfile-downloader.com

This is the Via Advertising bundle installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application برامج_تصميم_مطابخ_308040_downloader.exe has been detected as a potentially unwanted program by 24 anti-malware scanners. The program is a setup application that uses the YourFile Downloader installer, however the file is not signed with an authenticode signature from a trusted source. According to AVG, this software downloads additional adware offers during setup.

File name:

Publisher:

http://yourfile-downloader.com

Product:

YourFileDownloader Installer

Version:

1, 0, 639, 1

MD5:

d23893305e6d1120e05995cd41853985

SHA-1:

44fd382fab8b2c90a15071e390fd8b48165568e3

SHA-256:

62d1b78dc7b2e7bdc6d8cca4147a6bfa9db0343999a4a4921674c26213586b94

Scanner detections:

24 / 68

Status:

Potentially unwanted

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

11/25/2024 12:59:36 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Kazy.589566

631

Agnitum Outpost

PUA.Downloader

7.1.1

AhnLab V3 Security

PUP/Win32.Downloader

2015.04.16

avast!

Win32:Adware-gen [Adw]

2014.9-150514

AVG

Downloader

2016.0.3109

Baidu Antivirus

PUA.Win32.ExpressDownloader

4.0.3.15514

Bitdefender

Gen:Variant.Kazy.589566

1.0.20.670

Dr.Web

Adware.Downware.10806

9.0.1.0134

Emsisoft Anti-Malware

Gen:Variant.Kazy.589566

8.15.05.14.07

ESET NOD32

Win32/ExpressDownloader.K potentially unwanted (variant)

9.11482

Fortinet FortiGate

Riskware/ExpressDownloader

5/14/2015

F-Secure

Gen:Variant.Kazy.589566

11.2015-14-05_5

G Data

Gen:Variant.Kazy.589566

15.5.25

herdProtect (fuzzy)

variant of yourfile_749271_downloader.exe (PUP)

2015.8.11.16

Kaspersky

not-a-virus:Downloader.Win32.Agent

14.0.0.2041

McAfee

GenericR-DIQ!D23893305E6D

5600.6765

MicroWorld eScan

Gen:Variant.Kazy.589566

16.0.0.402

NANO AntiVirus

Trojan.Win32.Agent.dqimma

0.30.16.1110

Panda Antivirus

Trj/CI.A

15.05.14.07

Reason Heuristics

Threat.Bundler.Via Advertising

15.5.14.15

Sophos

Generic PUA EE

4.98

Trend Micro House Call

TROJ_GEN.R021C0EDD15

7.2.134

Trend Micro

TROJ_GEN.R021C0EDD15

10.465.14

VIPRE Antivirus

Trojan.Win32.Generic

39388

File size:

3.8 MB (4,015,104 bytes)

Product version:

1.0.0.1

Original file name:

YourFileDownloaderInstaller.exe

File type:

Executable application (Win32 EXE)

Bundler/Installer:

YourFile Downloader

Language:

English

Common path:

C:\users\{user}\downloads\?????_?????_?????_308040_downloader.exe

File PE Metadata

Compilation timestamp:

4/6/2015 7:20:08 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

49152:1qDTZEFdk+8Qs1DPye+EC5leRNgB9sbvjiOoN0v9u+aYZv/vM4Ow+D/aX9z8bx4:1qTZEFHe+xj6bvt9PTZHUVnDaa14

Entry address:

0x8CBED

Entry point:

E8, 34, C8, 01, 00, E9, 00, 00, 00, 00, 6A, 14, 68, E8, F4, 4E, 00, E8, 8D, E4, 00, 00, E8, CE, B2, 00, 00, 0F, B7, F0, 6A, 02, E8, C7, C7, 01, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, A4, 1B, 01, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Entropy:

7.7123 (probably packed)

Code size:

802 KB (821,248 bytes)

The file برامج_تصميم_مطابخ_308040_downloader.exe has been seen being distributed by the following 4 URLs.

http://dll513.your-fd.net/j5GSR2abj1Jq0b5Gecy0LiXquitnrbxgUra0OX 6xydt8dRjEOjdaxLi1G0Mq4QBR7jIVgLQzF8P0tsfW5p1HVueWh4mzT1dMoZsGSyRctw6hWXibzk/6DptfuRnOQfnOn96/w1jXaYRcU/zA3ZawgpvG8QdTR/fEldizBVdL8cMVXj zBY73udYEtzmUTKo0VI6 qJmLa/lGzS/p3xY/ax4XPmTZl/.../TdY0Hk

http://dll513.your-fd.net/j5GxUm7VqlNnxqpaeJOQFU/vgWxztrwoPaevLnmjyjRsrZEiS6THKUemyytZ5cBXHOTGUgLRyVkQl4gNU4w8Qg7cN093xC8LJ4Z5ES KTuoqwSahJnJ47TBtftAucVH2YzkD9A55SvBbJQvrDmtuywFvQZoGSFzKEldTyg4GItwTCjHT8W8q1PNaOc3zBRWZqE4wpv4fOqf/JzaQ9Cdc47g4AaT9ORnml2RY8ZtoSc2fakPJg1lOzcMFIofbG nOjFTkz/.../gf8KNIzrSzfP9yhrxehyIaK7eSSlvHl4 YMxev3cNkPl32oVttQ9HbvAB0i6wA==

http://dll513.your-fd.net/j5GLXmmbilRq278UT960OyXspyg59Pd7Pa 4Nn2tj3Vqv9hmFuLRaB7g2mcb/oIWTLWRWgPQyVgO189JSolzB1CJdygrlDRIYIB/HiyeeOARiGz3Nz0srTVodOwxNRC1KmhWyAp/Wu9bYEX6C3xCzQtoG8QdTR/fEldizBVdL8cMVXjhzBY73udYEtzmUTKo0VI6 qJmLa/lGzS/p3lW4rB VuSMYVHtiGVb6YwtELzGPQaPj1lJ3tVXRIqMULfA3FXgwvEVucyjQezP B2kYP9F9zblpuxq68fVKbbvnHawqsZ2lq2dPZbmwnuf 8V8h/iIFdTS2EWSmYwZzp35FYqRshFp1bAGMoSrXWmL53VshbZzc6S7Ly6m7n0s/.../iGbxu23Tk=

http://dll513.your-fd.net/j5GDVmnV4lJin6BeYd2jaGHSuS58pfItZKG4aW673GIq/t1kGufeYxDynipIsZVeH zFUwTUwE1GhY8bVI1zLFeIOERkhHsaIJJkHBWMaPMrwS2hMWxw6D05LKkubFLMNmNW419kQf4HcF7xD2wfwAFxE9MWU2bIGVFT2whRfPowCjfS41wW2OpdLtTVVj7 vhoho EfMLurdWz6tHFW/adiUueEJQiEzjUet5dgENufP0SGi1BJ24ZXStqODLfCil2zx/ZJvs6jEOzK 17kYvM/3SG 56RuuKL bq61lTWu/spzl/PdRI/wkC3M6tBNiqGHEsCYn1/L05tEn9H8UZud81M60fgMP4P7DT Nsnc/.../4U=

Remove برامج_تصميم_مطابخ_308040_downloader.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.