home

downloader.exe

BANANAS MEDIA

The application downloader.exe by BANANAS MEDIA has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
BANANAS MEDIA  (signed and verified)

Version:
0.0.0.0

MD5:
ea247114ab669d7fc6318b7e8820a0cf

SHA-1:
beb0dc9006bd296216649e8efc95c3f0b0e83b1f

SHA-256:
898f901608394df02e109da645eff10a5b3cc12a289441e4bf9cad88d3d772a5

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 5:13:51 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.Downloader.BANANASM.Meta (M)
16.7.1.15

File size:
51 KB (52,232 bytes)

Original file name:
downloader_kiwys.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\downloader.exe

Digital Signature
Signed by:
BANANAS MEDIA

Authority:
thawte, Inc.

Valid from:
8/11/2015 2:00:00 AM

Valid to:
8/11/2016 1:59:59 AM

Subject:
CN=BANANAS MEDIA, O=BANANAS MEDIA, L=PARIS, S=PARIS, C=FR

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
6DA942780D04295679C2C70A33576AA4

File PE Metadata
Compilation timestamp:
8/17/2015 4:44:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:T3oAk1I/PtnqpTESBCjM77djoI84cn21x6MWxUoiaxYPYWGb5Gml:T3oAkW/VqDBCjM775oI84c21aYXGbVl

Entry address:
0xADAE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
36 KB (36,864 bytes)

Remove downloader.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.