» password-recovery-bundle.en.softonic.com
Overview
Analysis
IPs Addresses (1)
Downloads (3)
Network (4)
Related Domains (4)

password-recovery-bundle.en.softonic.com

Domain Information

This domain is owned and operated by Softonic International.

Server location:

Catalonia, Spain (ES)

ASN:

AS51773 SOFTONIC-AS SOFTONIC INTERNATIONAL S.L.

Root domain:

softonic.com

Registered by:

Softonic International

Scanner detections:

Detections (67% detected)

Scan engine

Details

Detections

Reason Heuristics

Bundler.PPI.Softonic.p, PUP.Softonic (M)

66.67%

Emsisoft Anti-Malware

Gen:Variant.Adware.Graftor.123194

33.33%

Kaspersky

not-a-virus:Downloader.Win32.Agent

33.33%

ESET NOD32

Win32/SoftonicDownloader.G potentially unwanted application

33.33%

VIPRE Antivirus

Threat.4786139

33.33%

Dr.Web

Trojan.Siggen6.26583

33.33%

Malwarebytes

PUP.Optional.Softonic

33.33%

K7 AntiVirus

Unwanted-Program

33.33%

NANO AntiVirus

Trojan.Win32.Agent.dlbbee

33.33%

F-Prot

W32/S-1281df00

33.33%

G Data

Win32.Adware.Softonic

33.33%

Baidu Antivirus

Hacktool.Win32.Downloader

33.33%

The domain password-recovery-bundle.en.softonic.com has been seen to resolve to the following IP address.

46.28.209.13

January 13, 2015

File downloads found at URLs served by password-recovery-bundle.en.softonic.com.

1 / 68 (PUP)

http://password-recovery-bundle.en.softonic.com/universaldownloader-launch (softonicdownloader_for_password-recovery-bundle.exe)

1 / 68

http://password-recovery-bundle.en.softonic.com/download-tracker?th=1/.../3xirOON8BPzTFxLiqqTlBFIM6sZ8 2Giw4Vr2k= (passwordrecoverybundle.exe)

11 / 68 (PUP)

http://password-recovery-bundle.en.softonic.com/universaldownloader-launch (softonicdownloader_for_password-recovery-bundle.exe)

The following 4 files have been seen to comunicate with password-recovery-bundle.en.softonic.com in live environments.

TCP » 46.28.209.13:80

OrbitDM.exe (Orbit Downloader by Orbitdownloader.com)

TCP » 46.28.209.13:80

kmp_3.8.0.122.exe (Softonic Downloader by Softonic)

TCP » 46.28.209.13:80

Client.exe

TCP » 46.28.209.13:80

WajamInternetEnhancer.exe (Wajam Internet Enhancer by Wajam Internet Technologies)

Related Domains

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.