download.exe

data vendors manipulates

Boris Burkin

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The application download.exe by Boris Burkin has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from lp.ezdownloadpro.info.
Publisher:
the  (signed by Boris Burkin)

Product:
data vendors manipulates

Version:
6.9.0.0

MD5:
3cb8b6348ec69c065a0016d96a017b90

SHA-1:
9baeeffea13fa7344b30e1339b0cfb96c5d96460

SHA-256:
eec3793231ec2b2b1d10d6352a1a298e64cd34f451baf4fe21f063cc9d4819e0

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/26/2024 12:49:06 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.WebPick (M)

Engine version:
17.2.15.23

File size:
731.9 KB (749,496 bytes)

Product version:
6.9.0.0

Copyright:
Copyright (c) 2014

Original file name:
networking DBMS used refers

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\download.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
9/18/2013 9:00:00 PM

Valid to:
9/19/2014 8:59:59 PM

Subject:
CN=Boris Burkin, O=Boris Burkin, STREET=Tankistiv 14, L=Kyiv, S=Kyivska, PostalCode=03061, C=UA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
033AD040336E8286DF7ACF4D4908361F

File PE Metadata
Compilation timestamp:
5/13/2014 3:05:04 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

Entry address:
0x10BBB

Entry point:
E8, 4E, 4A, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, C8, 21, 42, 00, E8, 2F, 21, 00, 00, E8, E0, 07, 00, 00, 0F, B7, F0, 6A, 02, E8, E1, 49, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, A0, 37, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Code size:
103.5 KB (105,984 bytes)

The file download.exe has been seen being distributed by the following URL.

http://lp.ezdownloadpro.info/.../Download.exe
