download.exe

The application download.exe has been detected as a potentially unwanted program by 5 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from b.datacardbar.info.
MD5:
a9c299f9c150b35012472c35da12ccd1

SHA-1:
00d124cdf141500ad9d3523504643767ab9407c4

SHA-256:
a5ac272570ff5b64efe3e3529c8257558aeb826ad707cee8b5ed1f265aa9a919

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
11/26/2024 11:19:53 PM UTC

Scan engine            Detection                    Engine version
avast!                 Win32:FakeDownload-G [PUP]   160310-2
Dr.Web                 Trojan.DownLoader12.42853    9.0.1.05190
Emsisoft Anti-Malware  Gen:Variant.Razy.9017        11.5.0.6191
Norman                 Gen:Variant.Razy.9017        29.02.2016 03:11:57
VIPRE Antivirus        Threat.5085665               47432

File size:
897.8 KB (919,323 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\download.exe

File PE Metadata
Compilation timestamp:
7/12/2012 11:55:43 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:5VCPzcgwSrx7A7GtH2H4SV+Bl6RKyXc84Gu8GNwAe0ovnQoVS6cDo9Mru3WJUTM5:XCrFrrx15JMkW4X8GNM0oVoDIMa3lSp

Entry address:
0xD8032

Entry point:
E8, DF, 14, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, B0, AE, 4E, 00, E8, E8, 19, 00, 00, E8, AC, 16, 00, 00, 0F, B7, F0, 6A, 02, E8, 72, 14, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, E8, 02, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
7.6526

Code size:
883 KB (904,192 bytes)

The file download.exe has been seen being distributed by the following URL.
