dlnow_setup_1.20.exe

DLNow Setup

Logixoft

The application dlnow_setup_1.20.exe by Logixoft has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from www.videohelp.com and multiple other hosts.
Publisher:
Logixoft  (signed and verified)

Product:
DLNow Setup

Version:
1.2.0.0

MD5:
d237770d3e0520c0206e3eaf1687ffd8

SHA-1:
36317a9989e5bb3dd06085fa02d34d355aeee648

SHA-256:
f82a2cbb9e40a192b8595489dfa9fbc8fb460e6ab2a8c1de97c3956295da10e8

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/16/2024 9:36:53 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.8.17.21

File size:
28 MB (29,396,136 bytes)

Product version:
1.2.0.0

Copyright:
Copyright (C) 2016 Logixoft

Original file name:
dlnow_setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\dlnow_setup_1.20.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
4/26/2016 2:04:46 PM

Valid to:
4/27/2019 2:04:46 PM

Subject:
CN=Logixoft, O=Logixoft, S=Bretagne, C=FR

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112117D4A5842F3B784C81F4B86B98258AB4

File PE Metadata
Compilation timestamp:
8/17/2016 2:01:58 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
786432:r+u00ti4l81quJP3nprnu8gfyDyDDrn2pt8y:Zti46TFnFgjrg3

Entry address:
0x7CCC

Entry point:
E8, 7B, 03, 00, 00, E9, 8E, FE, FF, FF, E9, 1C, 2D, 00, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, 58, 00, 00, 00, C7, 06, F4, 44, 41, 00, 8B, C6, 5E, 5D, C2, 04, 00, 83, 61, 04, 00, 8B, C1, 83, 61, 08, 00, C7, 41, 04, FC, 44, 41, 00, C7, 01, F4, 44, 41, 00, C3, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, 25, 00, 00, 00, C7, 06, 10, 45, 41, 00, 8B, C6, 5E, 5D, C2, 04, 00, 83, 61, 04, 00, 8B, C1, 83, 61, 08, 00, C7, 41, 04, 18, 45, 41, 00, C7, 01, 10, 45, 41, 00, C3, 55, 8B, EC, 56, 8B, F1, 8D, 46, 04, C7, 06...
Code size:
73.5 KB (75,264 bytes)

The file dlnow_setup_1.20.exe has been seen being distributed by the following 8 URLs.

