» downloader.so
Overview
Analysis
IPs Addresses (2)
Downloads (11)
Network (1)
Related Domains (6)

downloader.so

Domain Information

Server location:

Islas Baleares, Spain (ES)

ASN:

AS57910 SCIP-AS Soluciones Corporativas IP, SL,ES

Scanner detections:

Detections (100% detected)

Scan engine

Details

Detections

Reason Heuristics

PUP.GeryonAdsSL.Q, PUP.GeryonAdsSL.P, PUP.installCore.GeryonAds (M), PUP.installCore.SoftInstall.Installer (M), PUP.installCore.SoftInst.Installer (M)

100.00%

Baidu Antivirus

Adware.Win32.InstallCore

36.36%

ESET NOD32

Win32/InstallCore.QC (variant), Win32/InstallCore.QB (variant), Win32/InstallCore.PQ (variant)

36.36%

Dr.Web

Trojan.MulDrop5.38104, Trojan.Packed.28933

18.18%

herdProtect (fuzzy)

a variant of 73cd007f18143dcb6b2171a33869cad7cf50704c

9.09%

McAfee

Artemis!AFEF5761BC43

9.09%

Trend Micro House Call

Suspicious_GEN.F47V0916

9.09%

Fortinet FortiGate

Riskware/InstallCore

9.09%

Agnitum Outpost

PUA.InstallCore

9.09%

Avira AntiVirus

ADWARE/InstallCore.Gen7

9.09%

Vba32 AntiVirus

Malware-Cryptor.InstallCore.gen

9.09%

The domain downloader.so has been seen to resolve to the following 2 IP addresses.

37.152.88.26

hostingsrv7.dondominio.com

January 30, 2016

81.169.157.36

h2313861.stratoserver.net

October 20, 2014

File downloads found at URLs served by downloader.so.

1 / 68 (Adware)

http://downloader.so/.../itunes.php (itunes_installer.exe)

1 / 68 (Adware)

http://downloader.so/.../minecraft.php (minecraft_installer.exe)

1 / 68 (Adware)

http://downloader.so/.../minecraft.php (zr7fwhic.exe)

4 / 68 (Adware)

http://downloader.so/.../chrome.php (chrome_installer.exe)

1 / 68 (Adware)

http://downloader.so/.../skype.php (skype_installer.exe)

1 / 68 (Adware)

http://downloader.so/.../itunes.php (itunes_installer.exe)

1 / 68 (Adware)

http://downloader.so/.../skype.php (skype_installer.exe)

3 / 68 (Adware)

http://downloader.so/.../chrome.php (chrome_installer.exe)

1 / 68 (Adware)

http://downloader.so/.../happywheels.php (happywheels_installer.exe)

7 / 68 (Adware)

http://downloader.so/.../skype.php (skype_installer.exe)

7 / 68 (Adware)

http://downloader.so/.../chrome.php (chrome_installer.exe)

The following file have been seen to comunicate with downloader.so in live environments.

TCP » 37.152.88.26:80

ContentFinder.exe (ContentFinder by DigitalSoftware Group)

Related Domains

clk3down.com

comunicaciodigital.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.