» download.exe
Overview
Analysis
File Details
Downloads (1)

download.exe

id35_281012

BR SOFTWARE LLC

The application download.exe by BR SOFTWARE has been detected as adware by 7 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from www.onlinemidia.com.

File name:

download.exe

Publisher:

BR SOFTWARE LLC (signed and verified)

Product:

id35_281012

Version:

1.0.0.0

MD5:

6289457e74d3e74bac7939cf3734b3ea

SHA-1:

29a511b2c81b6c98e82a16d195050df6cb320ebd

SHA-256:

1b239a4c2fab9baa82eeec06366e040db0ffdb31960a26dc7e0a00f19eed693b

Scanner detections:

7 / 68

Status:

Adware

Analysis date:

11/5/2024 2:51:55 AM UTC (today)

Scan engine

Detection

Engine version

AVG

AdInstaller.K

2015.0.3349

ESET NOD32

MSIL/Adware.PCMega (variant)

8.7802

IKARUS anti.virus

Win32.Downloader.RDN

t3scan.1.1.122.0

Malwarebytes

Adware.Downloader

v2014.09.17.01

McAfee

Artemis!6289457E74D3

5600.7005

Norman

W32/PCMega.GK

11.20140917

Reason Heuristics

PUP.BRSOFTWARE.I

14.9.17.1

File size:

16.8 KB (17,184 bytes)

Product version:

1.0.0.0

Original file name:

id35_281012.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\download.exe

Digital Signature

Signed by:

BR SOFTWARE LLC

Authority:

GlobalSign nv-sa

Valid from:

10/31/2012 11:52:01 AM

Valid to:

6/9/2015 3:58:43 PM

Subject:

CN=BR SOFTWARE LLC, O=BR SOFTWARE LLC, C=US

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121489B8CD8A37B0C0CDAC89F3EC18CB4A7

File PE Metadata

Compilation timestamp:

10/30/2012 1:06:53 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

192:E3miadV6MyO+Kf7jnclFMq43fHJHEkPIZ6Q1551eDLhwWbSTXL20jgsgXAJQl01i:EMByO+Kf7gFMh/9E46SXhw7DUBCQYy

Entry address:

0x46EE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

10 KB (10,240 bytes)

The file download.exe has been seen being distributed by the following URL.

http://www.onlinemidia.com/ids/.../download.exe

Remove download.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.