avast pro antivirus setup.exe

WeDownload, Ltd

The application avast pro antivirus setup.exe by WeDownload has been detected as adware by 9 anti-malware scanners. The program is a setup application that uses the Midia Downloader installer. During install, it bundles potentially unwanted software on a user's computer at the same time without adequate consent. With this installer, users are expecting to download the free AVAST Antivirus but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware. The file has been seen being downloaded from avast-professional-edition.wedownload.info.
Publisher:
WeDownload, Ltd  (signed and verified)

MD5:
95d6a8517030244259d88cdaf06c9078

SHA-1:
bbf3e90aa57e802e03315b70dc4a41224bcd886c

SHA-256:
fea9af3ec217f998bf9b5207fb9fcff20290b3d2998bbb47990d3f98358328e1

Scanner detections:
9 / 68

Status:
Adware

Explanation:
May bundle additional potentially unwanted software such as adware during setup.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/15/2024 5:38:05 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Downloader-TOV [PUP]
2014.9-140507

Dr.Web
Adware.Downware.2498
9.0.1.0127

ESET NOD32
MSIL/Soft32Downloader (variant)
8.9658

G Data
Win32.Application.Soft32Downloader
14.5.24

Malwarebytes
PUP.Optional.BundleInstaller.A
v2014.05.07.02

Qihoo 360 Security
Trojan.Generic
1.0.0.1015

Reason Heuristics
PUP.Installer.WeDownload.Z
14.8.7.20

Trend Micro House Call
TROJ_GE.D2686122
7.2.127

VIPRE Antivirus
Soft32Downloader
28184

File size:
593.4 KB (607,616 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Midia Downloader (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\avast pro antivirus setup.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
2/5/2013 6:00:00 PM

Valid to:
2/11/2016 6:00:00 AM

Subject:
CN="WeDownload, Ltd", O="WeDownload, Ltd", L=Nicosia, C=CY

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0320C5B8F7CE6E92D3665598826A4480

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:lwMDD4z8x0bDiuWkPDBfOkAXlgmpQ5K/dQlnrH2DDm:ltghsSD5o1r68/dQlD4Dm

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9156

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file avast pro antivirus setup.exe has been seen being distributed by the following URL.

Remove avast pro antivirus setup.exe - Powered by Reason Core Security