home

downldr.exe

Zhuhai Kingsoft Software Co.,Ltd

Publisher:
Zhuhai Kingsoft Software Co.,Ltd  (signed and verified)

MD5:
a1003d1eabfd64c7008377809a4b9bf4

SHA-1:
5ce812e6decc028947ea9f6377a2a6168211b3b7

SHA-256:
228085f742f5c9ea40d64eadd3230aee596460e2e4e4d66031a65519ea62c835

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 2:23:16 AM UTC  (today)

File size:
25.9 KB (26,520 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\kingsoft\ksfa\downldr.exe

Digital Signature
Signed by:
Zhuhai Kingsoft Software Co.,Ltd

Authority:
VeriSign, Inc.

Valid from:
6/22/2009 8:00:00 AM

Valid to:
6/22/2012 7:59:59 AM

Subject:
CN="Zhuhai Kingsoft Software Co.,Ltd", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Zhuhai Kingsoft Software Co.,Ltd", L=Zhuhai, S=Guangdong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0BA4BC439930346B95694B4C7F2B981B

File PE Metadata
Compilation timestamp:
1/4/2011 10:45:47 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
384:RaCQsSga6wxjlydt1qfx7x5F61XAQSlqiW7YJLu1AFbCJHy:RaDmdfdIdx5wwnlqiWKLWSbCQ

Entry address:
0x1074

Entry point:
55, 8B, EC, B8, A0, 21, 00, 00, E8, BF, 2F, 00, 00, 53, 56, 57, FF, 15, 10, 50, 40, 00, 8D, 4D, F4, 51, 50, FF, 15, 5C, 51, 40, 00, 33, DB, 8B, F0, 53, 8D, 8D, 60, DE, FF, FF, 89, 75, DC, E8, 71, 11, 00, 00, 8A, 45, FF, 53, 8D, 8D, 70, FF, FF, FF, 88, 85, 70, FF, FF, FF, FF, 15, 78, 50, 40, 00, 8A, 45, FF, 53, 8D, 8D, 60, FF, FF, FF, 88, 85, 60, FF, FF, FF, FF, 15, 78, 50, 40, 00, 8A, 45, FF, 53, 8D, 4D, A0, 88, 45, A0, FF, 15, 78, 50, 40, 00, 8A, 45, FF, 53, 8D, 4D, CC, 88, 45, CC, FF, 15, 78, 50, 40, 00...
 
[+]

Entropy:
6.4195

Code size:
12.5 KB (12,800 bytes)

The file downldr.exe has been seen being distributed by the following URL.

http://cu003.www.duba.net/duba/tools/dubatools/.../downldr.exe

Scan downldr.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.