download.exe

The application download.exe has been detected as a potentially unwanted program by 31 anti-malware scanners. The file has been seen being downloaded from f.datacardbar.info and multiple other hosts.
MD5:
0484ff507841bc6c44bec5063f21b74b

SHA-1:
796ea19534f16468f61c222602f53c4082b19815

SHA-256:
4ac646606a3e3845d3200c6b0c35e6b54531576c8c3287c2c2e072fa6260d3e5

Scanner detections:
31 / 68

Status:
Potentially unwanted

Analysis date:
4/22/2025 1:40:59 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Adware.MPlug.16 | 355 |
| Agnitum Outpost | PUA.MultiPlug | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.MultiPlug | 2015.08.11 |
| Avira AntiVirus | ADWARE/MultiPlug.Gen4 | 8.3.1.6 |
| Arcabit | Trojan.Adware.MPlug.16 | 1.0.0.425 |
| avast! | Win32:MultiPlug-OM [PUP] | 2014.9-160214 |
| AVG | Generic_r | 2017.0.2833 |
| Baidu Antivirus | Adware.Win32.MultiPlug | 4.0.3.16214 |
| Bitdefender | Gen:Variant.Adware.MPlug.16 | 1.0.20.225 |
| Clam AntiVirus | Win.Trojan.Multiplug-3035 | 0.98/21511 |
| Comodo Security | Application.Win32.AdWare.MultiPlug.VA | 22976 |
| Dr.Web | Trojan.DownLoader12.47255 | 9.0.1.045 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.MPlug.16 | 8.16.02.14.06 |
| ESET NOD32 | Win32/Adware.MultiPlug.ED (variant) | 10.12072 |
| Fortinet FortiGate | W32/Generic.AC.8425 | 2/14/2016 |
| F-Prot | W32/A-327c3a17 | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Adware.MPlug | 11.2016-14-02_1 |
| G Data | Gen:Variant.Adware.MPlug.16 | 16.2.25 |
| K7 AntiVirus | Unwanted-Program | 13.207.16840 |
| Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.661 |
| McAfee | MultiPlug-FTW | 5600.6489 |
| MicroWorld eScan | Gen:Variant.Adware.MPlug.16 | 17.0.0.135 |
| NANO AntiVirus | Riskware.Win32.MultiPlug.dpkwlu | 0.30.24.3079 |
| Panda Antivirus | Generic Suspicious | 16.02.14.06 |
| Qihoo 360 Security | Win32/Virus.Adware.f45 | 1.0.0.1015 |
| Quick Heal | Adware.MultiPlug.GN5 | 2.16.14.00 |
| Sophos | MultiPlug (PUA) | 4.98 |
| Trend Micro | TROJ_GEN.R0C1C0ECP15 | 10.465.14 |
| Vba32 AntiVirus | AdWare.MultiPlug | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Generic | 42770 |
| Zillya! Antivirus | Adware.MultiPlugGen.Win32.24 | 2.0.0.2345 |

File size:
979.5 KB (1,003,008 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\download.exe

File PE Metadata
Compilation timestamp:
12/10/2014 5:33:12 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:i0dCz8Bi/mlvmXxYlVKYDff5rAWqT4yHUtX2EqpmhDOi:i0Nl+XxqVXqUe+GEqp0Si

Entry address:
0x43577

Entry point:
E8, 20, 39, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 50, 04, 45, 00, E8, 53, 11, 00, 00, E8, ED, 3A, 00, 00, 0F, B7, F0, 6A, 02, E8, B3, 38, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, C2, 09, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
2.9686

Code size:
300 KB (307,200 bytes)

The file download.exe has been seen being distributed by the following 2 URLs.

http://f.datacardbar.info/hp/?q=MsvcG3if Zi7vKEG xn91gO2OMVHAnGI1VGN8WtsP1sl2//OnNPEiIeypJJYSeao7m1Jw6pdYmHZziX6DTEIhPlChDRLtVinbcia8v1igY JnnFeF7DobJfBAihu6PjhUAjLeS0o q98lg/nzYvuKqSzUfwnQqFTBHfr0Eoxn/tvAO8UngxelgQc8SNL4z77IBWfjAqmBIzY01U1bONz3PAUKQcb/Uq8SACkMwHEbBRkiU8OZDiVwP 0fcz7bGhSyO hyUzCH4iIorI3D/1T1Ui41c1gMoNyGGcjt9AEW8t7taSLUtsxwATwVEs XIr0O0RIIbJ2 Ahfl9JdmdHzOtSG0nFUkf0iwVoUfaoBbtwH4ydDtTDmVYAbKR luKWbYLptW7Nf5YwmAd6ub9aRLCzzDtsns/LdBEFUoBsGiJH7eEN0WsvvnJQyQQH2IFkX4QTdtBLGXrjqaRxDiBAFw5RLjzfcsj3wxEU8yTGS/vhZwFQu1fJkLZTjVU1B02RNfVeb Tyh0OY4W6/9gnl1vPtc0pRR4L2VOrJI3HEC3wmSKs4PNS0rVkeeSbk7voWvd561UYsHEA8T7YPh4P/SURjwYx66 R8wXYOlZ4TDeOYcxeqpfndWBK/.../devFX7qXILEhEBnHV h cgWjw6Hp5ICp3aCzilJzl1 5JtPjS7bYxfddiqUrLgikOMVwkWSgYy2GbJ&external_id=1426780656787306902
