downloader.exe

Runner Utility

LLC Arctic West

The executable downloader.exe has been detected as malware by 1 anti-virus scanner.

Publisher:
Dummy, Ltd. (signed by LLC Arctic West)

Product:
Runner Utility

Version:
1.0.0.151

MD5:
26a590fea080ebb019b857693dd7513c

SHA-1:
34f6de14b1606af569a3e4d17093aff10516f3ef

SHA-256:
7fe9a759dfbaac608851a593c18b279ecc73eeb7770a6e52481641eb230da84b

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/15/2024 4:51:05 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
17.2.7.3

File size:
1.9 MB (1,948,672 bytes)

Product version:
1.0.0.151

Copyright:
Copyright (C) 2013

Original file name:
runner.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\programs\downloader.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/25/2015 2:00:00 AM

Valid to:
8/25/2016 1:59:59 AM

Subject:
CN=LLC Arctic West, O=LLC Arctic West, STREET=Lviv highway 1, L=Mikolaiv, S=Lvovskaja, PostalCode=81600, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
416057CF015B4832DC973BA203AAB312

File PE Metadata
Compilation timestamp:
8/29/2015 11:53:07 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x3DCEDD

Entry point:
68, 8C, F0, F3, EC, E8, D7, 83, E4, FF, C0, D0, 33, B3, 0D, E4, 35, 98, 19, C9, 5C, FE, 49, 50, 8E, F2, D1, 52, A9, FF, 80, 67, CB, 6D, B2, 00, 30, D5, 4C, 2D, 18, F4, 46, C4, CA, 33, EE, 67, 2C, 01, DE, EB, 78, D4, D3, C4, 04, 92, 0B, C9, F1, D6, 50, DF, 03, 76, 9E, 35, 96, 5B, 93, 75, 96, CE, 5E, 4A, A6, 51, 1B, 78, E9, BA, 61, 92, 2C, 53, 94, C6, 01, 94, 98, 49, 50, 66, 64, 94, 71, E9, B6, DA, 8D, 64, B1, 17, 24, 49, B9, C3, 29, 20, 98, 53, E4, 33, A9, 4C, 12, 3E, 83, 7B, AF, A9, 11, A3, 5A, 6E, C3, 30...
 

Entropy:
7.9926 (probably packed)

Code size:
1.8 MB (1,937,408 bytes)
