downloadfilesetup_194uy.exe

ProductName

Bratstvo Graala LLC

The application downloadfilesetup_194uy.exe, “Pro WDM installer” by Bratstvo Graala has been detected as a potentially unwanted program by 4 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from euzcdn.net.
Publisher:
Privat Ltd  (signed by Bratstvo Graala LLC)

Product:
ProductName

Description:
Pro WDM installer

Version:
1.1.1.0

MD5:
73eded299089dcb0ddbf3c7408784961

SHA-1:
bf32dc0e3c9b058069d2bee11ce51ae432a07ab8

SHA-256:
41a69677640c3aa744146e5e130a11563a07e4b9d42eeaaa56f16187ca36ccef

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 7:23:15 PM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Trojan.Packed.29217
9.0.1.05190

ESET NOD32
Win32/bmMedia.DV potentially unwanted application
8.0.319.0

F-Secure
Variant.Application.Bundler
5.15.21

Reason Heuristics
Adware.Downloader.Bratstvo.Installer.Meta (M)
16.3.11.5

File size:
2.2 MB (2,281,472 bytes)

Product version:
1.0.0.0

Copyright:
Copyright 2014

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\downloadfilesetup_194uy.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/23/2014 9:00:00 PM

Valid to:
4/24/2015 8:59:59 PM

Subject:
CN=Bratstvo Graala LLC, O=Bratstvo Graala LLC, STREET=Novoslobodskaya st. 45-13, L=Moscow, S=Moscow, PostalCode=127055, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00D220A4280109831C51DFDBA6CE8B0312

File PE Metadata
Compilation timestamp:
10/27/2014 5:53:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:ddh8gKOVs8xRCRTYK+7/3iB3Rx5zP3XcFkgCowx:dD8gKWs8xMRTLK/wRP8BC

Entry address:
0x14F29

Entry point:
55, 89, E5, 81, EC, 84, 01, 00, 00, 68, C4, 7D, 3E, 00, E8, 1A, 3D, FF, FF, 8B, 45, 0C, 81, 48, 0C, 00, 80, 00, 00, 59, 5D, C3, 55, 8B, EC, 83, EC, 10, A1, 0C, 62, 43, 00, 53, 8B, C8, 23, CA, 33, DB, 43, 47, 89, 31, 66, 83, 38, 22, 75, 23, A1, 50, 61, 43, 00, 83, F8, FF, 0F, 84, E8, FF, FF, FF, C7, 85, 6C, FE, FF, FF, 08, 00, 00, 00, 6A, 00, 6A, 64, 8B, 4D, 08, 8B, 41, 10, 56, 53, 50, 8D, 45, E8, 6A, 01, 8D, 45, F4, 50, FF, 15, AC, 40, 43, 00, FF, 15, EC, 42, 43, 00, 89, 45, E4, 8B, 45, E4, 83, 60, 70, FD...
 
[+]

Code size:
204 KB (208,896 bytes)

The file downloadfilesetup_194uy.exe has been seen being distributed by the following URL.

Remove downloadfilesetup_194uy.exe - Powered by Reason Core Security