downloader.exe

Setup Downloader

OOO Yandex

This is a setup and installation application. The file has been seen being downloaded from download.yandex.ru.
Publisher:
OOO Yandex  (signed and verified)

Product:
Setup Downloader

Version:
0.1.0.16

MD5:
e5fee4baacb345fdac2932f71c682206

SHA-1:
73de62228b4f62bb5a092e941317e9b28c9b9e03

SHA-256:
08c9495cfe91b2886e8694152fd865bb2d036ae44deda17fae848a7577f85fc0

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
11/1/2024 9:32:33 AM UTC  (today)

Scan engine:
XVirus List

Detection:
Win.Detected

Engine version:
2.3.31

File size:
142.4 KB (145,792 bytes)

Product version:
0.1.0.16

Copyright:
Copyright (C) 2012 Yandex LLC

Original file name:
download.exe

File type:
Executable application (Win32 EXE)

Language:
Russian (Russia)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\downloader.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
2/5/2010 1:00:00 AM

Valid to:
2/5/2013 12:59:59 AM

Subject:
CN=OOO Yandex, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=OOO Yandex, L=Moscow, S=Moscow, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3769815A97A8FB411E005282B37878E3

File PE Metadata
Compilation timestamp:
10/18/2012 6:44:43 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:zk87sGAPXK5+ShJpzUFox/IYLKVY7hIYQnwYRSfMT+CJVSr:l1s0ldUmx/bLbYnwch3Sr

Entry address:
0x800B

Entry point:
E8, AA, 6D, 00, 00, E9, 79, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B...

Code size:
100 KB (102,400 bytes)

The file downloader.exe has been discovered within the following programs.

CheMax Rus 12.8  by CheMax Team
www.CheMax.ru
About 1% of users remove it
Publisher's description - “Download Master is an easy-to-use and effective download manager that can increase download speeds by up to 500 percent. It uses intellectual multi-section download to provide the best possible performance for all connection types.”
www.westbyte.com/dm
56% remove it
MediaDrug  by MediaDrug
Publisher's description - “It has never been easier to download entire mp3 albums by your favorite artists! After hearing a great song play you may want to take a closer look at the artist's work and even download their whole album.”
mediadrug.com
About 6% of users remove it
 
Powered by Should I Remove It?

The file downloader.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to cdn.yandex.net  (5.45.205.235:80)

TCP (HTTP):
Connects to cache-mskdataline05.cdn.yandex.net  (5.45.221.15:80)

TCP (HTTP):
Connects to cache-ams07.cdn.yandex.net  (178.154.255.199:80)

Scan downloader.exe - Powered by Reason Core Security