brothersoft_downloader_for_tibia_multi_ip_changer.exe

BSdownloader Module

KORAM GAMES LIMITED

The application brothersoft_downloader_for_tibia_multi_ip_changer.exe by KORAM GAMES LIMITED has been detected as a potentially unwanted program by 10 anti-malware scanners. This is a setup program which is used to install the application. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from downloaderfile.brothersoft.com and multiple other hosts.
Publisher:
KORAM GAMES LIMITED  (signed and verified)

Product:
BSdownloader Module

Version:
1, 0, 0, 3

MD5:
d57b4884dd32ed7a09e3dce6c2c9ffc8

SHA-1:
79340f44dc8f6c846b96ab0723ec10b2859f6fa2

SHA-256:
d09c68490695cbf71e0c545771cd58ee916b26e2887119b7919ccfa06b1d7324

Scanner detections:
10 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 8:47:22 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Riskware.BSDownloader | 7.1.1 |
| AVG | Potentially harmful program Downloader.ATN | 2014.0.4015 |
| Dr.Web | riskware program Program.BrotherSoft.18 | 9.0.1.05190 |
| ESET NOD32 | Win32/BSDownloader potentially unwanted application | 7.0.302.0 |
| F-Prot | W32/Agent.TR.gen | 4.6.5.141 |
| IKARUS anti.virus | PUA.BSDownloader | t3scan.1.7.5.0 |
| Malwarebytes | PUP.Optional.BSDownloader | v2014.08.31.07 |
| NANO AntiVirus | Riskware.Win32.BrotherSoft.cvlwba | 0.28.2.61861 |
| Reason Heuristics | PUP.Optional.KORAMGAMESLIMITED.r | 14.8.31.6 |
| VIPRE Antivirus | Threat.4150696 | 32210 |

File size:
658.2 KB (674,000 bytes)

Product version:
1, 0, 0, 3

Copyright:
Copyright 2011

Original file name:
BSdownloader.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\brothersoft_downloader_for_tibia_multi_ip_changer.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
1/10/2014 1:00:00 AM

Valid to:
2/9/2017 12:59:59 AM

Subject:
CN=KORAM GAMES LIMITED, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=KORAM GAMES LIMITED, L=HongKong, S=HongKong, C=HK

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
53B6BD34F6B702DEC3C291D72E678EEF

File PE Metadata
Compilation timestamp:
3/28/2013 4:24:33 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:2Z5vrSGq8r8bH12zt9kIl7lVTMtmx+s9Er2cDsFr+ZiltVBOlvVG7gBllggGW5Hm:2T3lYb8zIXYrFrFsSQdrVxjex

Entry address:
0x7C6EB

Entry point:
E8, 05, 05, 00, 00, E9, 37, FD, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 55, 33, FF, 33, ED, 8B, 44, 24, 14, 0B, C0, 7D, 15, 47, 45, 8B, 54, 24, 10, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 14, 89, 54, 24, 10, 8B, 44, 24, 1C, 0B, C0, 7D, 14, 47, 8B, 54, 24, 18, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 1C, 89, 54, 24, 18, 0B, C0, 75, 28, 8B, 4C, 24, 18, 8B, 44, 24, 14, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 10, F7, F1, 8B, F0, 8B, C3, F7, 64, 24, 18, 8B, C8, 8B, C6, F7, 64, 24, 18, 03, D1, EB...
 

Code size:
503.5 KB (515,584 bytes)

The file brothersoft_downloader_for_tibia_multi_ip_changer.exe has been seen being distributed by the following 3 URLs.