home

downloader_2.exe

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501

LLC BUDІMEKS

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The application downloader_2.exe by LLC BUDІMEKS has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:
Microsoft Corporation  (signed by LLC BUDІMEKS)

Product:
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501

Version:
12.0.30501.0

MD5:
64afa19426cf03bfcf0963d91a357c71

SHA-1:
93224cb93c1256ef0c1d0aa587772bd86afa74e1

SHA-256:
73428f95f1b7a3da1d3f5483678609966de2fa2fffb80c42783dd79cdcc74661

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/6/2024 7:50:35 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Amonetize.Bundler (M)
17.3.1.3

File size:
877.5 KB (898,576 bytes)

Product version:
12.0.30501.0

Copyright:
Copyright (c) Microsoft Corporation. All rights reserved.

Original file name:
vcredist_x64.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\programs\downloader_2.exe

Digital Signature
Signed by:
LLC BUDІMEKS

Authority:
COMODO CA Limited

Valid from:
8/27/2015 12:00:00 AM

Valid to:
8/26/2016 11:59:59 PM

Subject:
CN=LLC BUDІMEKS, O=LLC BUDІMEKS, STREET=Cvitna 34, L=Gorodockey area Galichani vilage, S=Lvovskaja, PostalCode=81523, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E9F1B23ADDECC133378F48EBB20F9E3D

File PE Metadata
Compilation timestamp:
10/8/2015 12:12:48 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x1BDE64

Entry point:
68, E7, FE, D5, 05, E8, F7, 29, F8, FF, E7, 58, 30, 09, 32, D5, A8, C8, F6, 64, F5, E3, 0D, 40, CF, D2, 35, 0D, 40, 50, F1, 42, 31, 09, D8, C4, 23, CF, F6, A9, 0A, 32, 37, 09, 0B, 87, 92, FC, BF, B1, 42, 7E, CF, F6, 9B, E0, 87, 31, 09, 21, 99, 2F, F2, BF, 07, 64, 6D, F1, BF, C6, 4D, BA, CF, F6, 64, 2B, 0C, 36, 09, B2, B1, 11, FC, BF, 9B, C1, C9, F6, 3E, AF, 85, 0D, 40, 9D, E0, BC, 0E, 40, 0A, A1, EA, 30, 09, 48, 6B, 03, C9, F6, 4A, 46, C3, 0D, 40, 1F, 6C, 30, 09, 06, 84, AE, F3, BF, 46, 7C, CF, F6, 1B, F2...
 
[+]

Code size:
858.5 KB (879,104 bytes)

Remove downloader_2.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.