» download.exe
Overview
Analysis
File Details
Downloads (2)

download.exe

The application download.exe has been detected as a potentially unwanted program by 9 anti-malware scanners. This is a setup program which is used to install the application. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. The file has been seen being downloaded from bookbook.in and multiple other hosts.

File name:

download.exe

MD5:

abe9a299950a8e60100f38f1fc4b4f03

SHA-1:

0a925e2a90c5775eae20f1fabce9ac00accefe25

SHA-256:

d37996bf47b20b87747137dff4e4396ad24e8168875a1fb6d04437bafadfca90

Scanner detections:

9 / 68

Status:

Potentially unwanted

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:

11/24/2024 12:18:42 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Agent-AYLT [PUP]

160414-2

AVG

Adware Generic_r.VD

2015.0.4568

Dr.Web

Trojan.Crossrider.37842

9.0.1.05190

Emsisoft Anti-Malware

Gen:Variant.Adware.MPlug.16

11.5.0.6191

ESET NOD32

Win32/AdWare.MultiPlug.CT application

8.0.319.0

Kaspersky

not-a-virus:HEUR:AdWare.Win32.MultiPlug

15.0.0.562

McAfee

Program.MultiPlug-FRO

18.0.204.0

Microsoft Security Essentials

Threat.Undefined

1.223.68.0

Norman

Gen:Variant.Adware.MPlug.16

19.05.2016 05:17:13

File size:

887.5 KB (908,800 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\download.exe

File PE Metadata

Compilation timestamp:

8/25/2013 7:58:32 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

24576:Xm2me+N0Qadl6hlUAN2cbuJDlseOcCfUn:Xmnei0ndltJZcCn

Entry address:

0x413C6

Entry point:

E8, 78, 48, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, F0, F4, 44, 00, E8, E4, 0F, 00, 00, E8, 45, 4A, 00, 00, 0F, B7, F0, 6A, 02, E8, 0B, 48, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, D6, 08, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Code size:

293.5 KB (300,544 bytes)

The file download.exe has been seen being distributed by the following 2 URLs.

http://bookbook.in/6b73d1d9050aa123f0b3d88cb3309658/chicofilm/dl.php?id=1414789024327959748&r=http://bookchi.in/v3601/lp/?q=COr3H5eYDlwVpnikg0fE A3cH0E9tIBo7p9T8efnvhurH0n8JrPNIFiE4dDcoyplwicYgzV6tS0WpsXmtSdogZx/j6Sfy/.../bQIzcGV6d7JRigId1jR8p2ZTi&__rnd=3bc0a529b8640d83bad55458464befc2

Remove download.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.