data-text-html,-script-window.close();--script-_downloader.exe

The executable data-text-html,-script-window.close();--script-_downloader.exe has been detected as malware by 1 anti-virus scanner. This is a setup program which is used to install the application. The file has been seen being downloaded from dll513.yfdownloader.com.
MD5:
c1ceb119454ae05f79f89b1097ff47dc

SHA-1:
c150704d7e8e91c5b0167abad6ade7cea1825cce

SHA-256:
8e775093c70fd41bb9bab469718d6e54de0cbbcc5aa80c2672893410cfed99fe

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/24/2024 11:45:16 PM UTC

Scan engine:
Reason Heuristics

Detection:
Threat.Win.Reputation.IMP

Engine version:
16.8.5.4

File size:
1.7 MB (1,736,991 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\data-text-html,-script-window.close();--script-_downloader.exe

File PE Metadata
Compilation timestamp:
1/24/2015 5:55:09 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:zycLPW7MuS/doyw6eWwHonmkbs+51GBXerrto/+WkHdWTjfbOu7DkMMy:+kWv7lZ+m0s+trKWPdGfbtsxy

Entry address:
0x4B3A1A

Entry point:
68, D8, E4, 29, 83, 60, 60, C7, 44, 24, 40, DD, 22, 21, C0, 9C, C7, 44, 24, 40, 80, 11, 20, 7F, 89, 24, 24, 9C, 8D, 64, 24, 44, E9, 96, 7D, 32, 00, 9C, 60, 8D, 4C, 49, 0A, 9C, 9C, 9C, 9C, 8D, 64, 24, 50, E9, 61, DB, F9, FF, BB, BE, 96, EF, 70, 2A, 5A, 5C, B9, A9, EC, 4A, E6, F5, EA, 62, F4, AF, A6, EB, 70, 1B, 42, 4C, 10, 6F, F2, B7, 9C, 01, 56, 4D, 08, 9E, B6, DE, 7C, 2A, E0, AC, D5, 77, 59, 71, 75, A1, E0, 2A, 30, 09, 00, 2F, E6, 23, 58, D6, 2A, E6, 8C, F9, 63, E9, 50, 64, AC, 87, A1, C7, CF, F9, 65, 1A...

Entropy:
7.9980  (probably packed)

Code size:
786 KB (804,864 bytes)

The file data-text-html,-script-window.close();--script-_downloader.exe has been seen being distributed by the following URL.