download.exe

The application download.exe has been detected as a potentially unwanted program by 9 anti-malware scanners. This is a setup program which is used to install the application. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. The file has been seen being downloaded from bookbook.in and multiple other hosts.
MD5:
abe9a299950a8e60100f38f1fc4b4f03

SHA-1:
0a925e2a90c5775eae20f1fabce9ac00accefe25

SHA-256:
d37996bf47b20b87747137dff4e4396ad24e8168875a1fb6d04437bafadfca90

Scanner detections:
9 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
12/28/2024 10:47:51 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Agent-AYLT [PUP]
160414-2

AVG
Adware Generic_r.VD
2015.0.4568

Dr.Web
Trojan.Crossrider.37842
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Adware.MPlug.16
11.5.0.6191

ESET NOD32
Win32/AdWare.MultiPlug.CT application
8.0.319.0

Kaspersky
not-a-virus:HEUR:AdWare.Win32.MultiPlug
15.0.0.562

McAfee
Program.MultiPlug-FRO
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.223.68.0

Norman
Gen:Variant.Adware.MPlug.16
19.05.2016 05:17:13

File size:
887.5 KB (908,800 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\download.exe

File PE Metadata
Compilation timestamp:
8/25/2013 7:58:32 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:Xm2me+N0Qadl6hlUAN2cbuJDlseOcCfUn:Xmnei0ndltJZcCn

Entry address:
0x413C6

Entry point:
E8, 78, 48, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, F0, F4, 44, 00, E8, E4, 0F, 00, 00, E8, 45, 4A, 00, 00, 0F, B7, F0, 6A, 02, E8, 0B, 48, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, D6, 08, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Code size:
293.5 KB (300,544 bytes)

The file download.exe has been seen being distributed by the following 2 URLs.

Remove download.exe - Powered by Reason Core Security