home

downloader.exe

Click run software

The application downloader.exe by Click run software has been detected as adware by 22 anti-malware scanners. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.my-video-downloader.com and multiple other hosts.
Publisher:
Click run software  (signed and verified)

MD5:
e3e0eb102463ae1ebc270b025dcc14c3

SHA-1:
8e9a89d8714df174ca3ee76c832703b52143fd0c

SHA-256:
8598d77b26e6684ccde9f9ef5715726f6a4634e08ea407b2bb9f4d13b4b72704

Scanner detections:
22 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/24/2024 10:09:58 AM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.InstallCore
2012.08.14

Avira AntiVirus
ADWARE/InstallCore.Gen
7.11.39.182

Bitdefender
Trojan.Generic.7624916
1.0.20.630

Clam AntiVirus
W32.Adware.InstallCore-1
0.98/18155

Comodo Security
ApplicUnwnt.Win32.AdWare.Agent.~AW
13227

Dr.Web
Adware.InstallCore.43
9.0.1.0126

Emsisoft Anti-Malware
Win32.SuspectCrc!IK
8.14.05.06.02

ESET NOD32
Win32/InstallCore (variant)
8.7381

Fortinet FortiGate
W32/InstallCore.T
5/6/2014

F-Prot
W32/InstallCore.C.gen
v6.4.6.5.141

F-Secure
Trojan.Generic.7624916
11.2014-06-05_3

G Data
Trojan.Generic.7624916
14.5.22

IKARUS anti.virus
Win32.SuspectCrc
t3scan.1.1.122.0

K7 AntiVirus
Unwanted-Program
13.146.7488

nProtect
Trojan.Generic.7624916
12.08.13.01

Reason Heuristics
PUP.Clickrunsoftware.K
14.8.7.20

Sophos
Install Core
4.80

Trend Micro House Call
ADW_INSTALLCORE
7.2.126

Trend Micro
ADW_INSTALLCORE
10.465.06

Vba32 AntiVirus
BScope.Trojan.MTA.0157
3.12.18.2

VIPRE Antivirus
Click run software
12612

XVirus List
Win32.Detected
2.8.7

File size:
1012.3 KB (1,036,560 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\downloader.exe

Digital Signature
Signed by:
Click run software

Authority:
COMODO CA Limited

Valid from:
4/18/2012 8:00:00 PM

Valid to:
4/19/2013 7:59:59 PM

Subject:
CN=Click run software, O=Click run software, STREET=63 Rotshylid Shderot, L=Tel-Aviv, S=NA, PostalCode=65785, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A243E49C0DAF69F7C5ACF083EB184161

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:JtvOocsIWM7gya/w/ChIYmEs5MJ2j/B9znMfXwY5dXyUFGhDZZSHKXndIH0tVyE8:J1lcBPEgY5H0tVHt95mJbViCO2

Entry address:
0xC1A49

Entry point:
55, 8B, EC, 83, C4, F0, B8, 64, F0, 4E, 00, E8, F7, ED, FF, FF, 00, 53, 56, 57, 55, 83, C4, F8, 8B, F2, 8B, F8, BD, F4, 25, 46, 00, 81, C7, FF, 3F, 00, 00, 81, E7, 00, C0, FF, FF, 8B, 5D, 00, EB, 33, 3B, 7B, 0C, 7F, 2C, 8B, CE, 8B, D7, 8B, 43, 08, E8, BA, FE, FF, FF, 83, 3E, 00, 74, 50, 8B, 46, 04, 01, 43, 08, 8B, 46, 04, 29, 43, 0C, 83, 7B, 0C, 00, 75, 3E, 8B, C3, E8, EC, FB, FF, FF, EB, 35, 8B, 1B, 3B, DD, 75, C9, 8B, D6, 8B, C7, E8, F7, FC, FF, FF, 83, 3E, 00, 74, 21, 8B, CC, 8B, D6, 8B, C5, E8, E3, FB...
 
[+]

Entropy:
6.8925

Developed / compiled with:
Microsoft Visual C++

Code size:
787 KB (805,888 bytes)

The file downloader.exe has been seen being distributed by the following 5 URLs.

http://www.my-video-downloader.com/download/.../video_downloader.exe

http://www.my-video-downloader.com/download/.../Downloader.exe

http://www.webnewapp.com/download/bin/.../video_downloader.exe

http://www.my-video-downloader.com/download/bin/.../video_downloader.exe

http://www.webnewapp.com/download/.../Downloader.exe

Remove downloader.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.