downloader.exe

Runner Utility

LLC Arctic West

The executable downloader.exe has been detected as malware by 1 anti-virus scanner.
Publisher:
Dummy, Ltd.  (signed by LLC Arctic West)

Product:
Runner Utility

Version:
1.0.0.151

MD5:
a51d9231a9ded4707b3b03eaf35b4c96

SHA-1:
13fb5f570efcbf46825f439c7cd82ff29a56cc03

SHA-256:
66d845ae9dc8db4c5dbdb7557d6e29b6898d4eea598c63a089ebed613368f3c9

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/15/2024 4:33:54 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
17.2.9.19

File size:
1.9 MB (1,959,936 bytes)

Product version:
1.0.0.151

Copyright:
Copyright (C) 2013

Original file name:
runner.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\programs\downloader.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/25/2015 3:00:00 AM

Valid to:
8/25/2016 2:59:59 AM

Subject:
CN=LLC Arctic West, O=LLC Arctic West, STREET=Lviv highway 1, L=Mikolaiv, S=Lvovskaja, PostalCode=81600, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
416057CF015B4832DC973BA203AAB312

File PE Metadata
Compilation timestamp:
9/2/2015 12:33:05 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x3E1AE7

Entropy:
7.9915  (probably packed)

Code size:
1.9 MB (1,948,672 bytes)
