downloader_25954_pc.exe

The executable downloader_25954_pc.exe has been detected as malware by 5 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from www.idg.pl and multiple other hosts.
Version:
2.0.13.2

MD5:
00eeb303d1a5ad77288ec155099c10da

SHA-1:
54bfdb16398013d19d4b75da18b53b290546a952

SHA-256:
31ae01325d3bdfc38a1e31212b103e0402797f630ef31ddedeac46dc551d142c

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
11/5/2024 6:53:29 AM UTC

Scan engine        Detection                        Engine version
Baidu Antivirus    Trojan.Win32.Agent               4.0.3.1441
ESET NOD32         Win32/PCWorldPLoader (variant)   8.8890
McAfee             Artemis!00EEB303D1A5             5600.7174
Norman             Suspicious_Gen4.EGQBE            11.20140401
Sophos             Mal/Generic-L                    4.93

File size:
2 MB (2,057,728 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
Polish (Poland)

Common path:
C:\users\{user}\downloads\downloader_25954_pc.exe

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:en9dYSOHr3DeG4VZ/OWmQ6xXDrThNpHYj3ZhNKDqckS/3f:49hkalIFb35Yj3tKDqck63

Entry address:
0xADC00

Entry point:
55, 8B, EC, 83, C4, F0, B8, B0, C9, 4A, 00, E8, 88, 96, F5, FF, A1, A4, 16, 4B, 00, 8B, 00, E8, 50, 5A, FB, FF, A1, A4, 16, 4B, 00, 8B, 00, BA, 78, DC, 4A, 00, E8, BF, 54, FB, FF, 8B, 0D, 44, 18, 4B, 00, A1, A4, 16, 4B, 00, 8B, 00, 8B, 15, 78, 83, 4A, 00, E8, 3F, 5A, FB, FF, 8B, 0D, 98, 18, 4B, 00, A1, A4, 16, 4B, 00, 8B, 00, 8B, 15, C4, 7E, 4A, 00, E8, 27, 5A, FB, FF, A1, A4, 16, 4B, 00, 8B, 00, E8, 9B, 5A, FB, FF, E8, 0A, 71, F5, FF, 00, 00, FF, FF, FF, FF, 13, 00, 00, 00, 50, 43, 20, 57, 6F, 72, 6C, 64...

Developed / compiled with:
Microsoft Visual C++

Code size:
691 KB (707,584 bytes)

The file downloader_25954_pc.exe has been seen being distributed by the following 7 URLs.

http://www.idg.pl/ftp/downloader/.../14967.html

http://www.idg.pl/ftp/downloader/.../9171.html

Remove downloader_25954_pc.exe - Powered by Reason Core Security