downloader_4.exe

Runner Utility

LLC Arctic West

The executable downloader_4.exe has been detected as malware by 1 anti-virus scanner.
Publisher:
Dummy, Ltd.  (signed by LLC Arctic West)

Product:
Runner Utility

Version:
1.0.0.188

MD5:
d2d567a13d5ad8ea703b2d90d1e88551

SHA-1:
caa5699fcb08d369c68632898f44f7f2d9b7048b

SHA-256:
143a3a8777794cc48c7ab4e69721a8a05ec696b73b0f4547fb2ee90794b35015

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/15/2024 4:35:41 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
17.2.20.20

File size:
1.2 MB (1,298,432 bytes)

Product version:
1.0.0.188

Copyright:
Copyright (C) 2013

Original file name:
runner.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\programs\downloader_4.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/25/2015 12:00:00 AM

Valid to:
8/24/2016 11:59:59 PM

Subject:
CN=LLC Arctic West, O=LLC Arctic West, STREET=Lviv highway 1, L=Mikolaiv, S=Lvovskaja, PostalCode=81600, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
416057CF015B4832DC973BA203AAB312

File PE Metadata
Compilation timestamp:
8/27/2015 10:13:11 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x1A91C9

Entry point:
68, ED, F9, C1, 0D, E8, 13, FB, FD, FF, 00, 00, 00, 4C, 6F, 61, 64, 43, 75, 72, 73, 6F, 72, 57, 00, 5F, 5E, 9F, B8, 01, 00, 00, 00, 5B, 8B, E5, 66, F7, D5, 66, 0F, 44, ED, 5D, C3, AB, 98, A5, 82, 7C, 14, 6A, F5, A8, D7, C3, CB, 79, 47, 80, 1C, 05, A7, 16, 2D, 48, EA, BD, AA, 91, E0, E1, 2A, 44, 5F, 33, 63, 1D, A8, A9, B9, C9, E0, BA, EC, 65, 65, C2, 25, 31, 69, 3F, 1A, F8, 3B, 47, 8E, 59, C5, D0, AD, 7B, C0, EB, D5, 10, 23, 7D, B2, 95, E9, 0D, 01, 55, 2A, 31, D6, AE, A3, BD, 3C, DC, 7A, DA, 12, 95, E9, 08...
 

Code size:
1.2 MB (1,287,168 bytes)
