» downloadfilesetup_194uy.exe
Overview
Analysis
File Details
Downloads (1)

downloadfilesetup_194uy.exe

ProductName

Bratstvo Graala LLC

The application downloadfilesetup_194uy.exe, “Pro WDM installer” by Bratstvo Graala has been detected as a potentially unwanted program by 4 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from euzcdn.net.

File name:

Publisher:

Privat Ltd (signed by Bratstvo Graala LLC)

Product:

ProductName

Description:

Pro WDM installer

Version:

1.1.1.0

MD5:

73eded299089dcb0ddbf3c7408784961

SHA-1:

bf32dc0e3c9b058069d2bee11ce51ae432a07ab8

SHA-256:

41a69677640c3aa744146e5e130a11563a07e4b9d42eeaaa56f16187ca36ccef

Scanner detections:

4 / 68

Status:

Potentially unwanted

Analysis date:

11/16/2024 8:27:35 PM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Trojan.Packed.29217

9.0.1.05190

ESET NOD32

Win32/bmMedia.DV potentially unwanted application

8.0.319.0

F-Secure

Variant.Application.Bundler

5.15.21

Reason Heuristics

Adware.Downloader.Bratstvo.Installer.Meta (M)

16.3.11.5

File size:

2.2 MB (2,281,472 bytes)

Product version:

1.0.0.0

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\downloadfilesetup_194uy.exe

Digital Signature

Signed by:

Bratstvo Graala LLC

Authority:

COMODO CA Limited

Valid from:

4/23/2014 9:00:00 PM

Valid to:

4/24/2015 8:59:59 PM

Subject:

CN=Bratstvo Graala LLC, O=Bratstvo Graala LLC, STREET=Novoslobodskaya st. 45-13, L=Moscow, S=Moscow, PostalCode=127055, C=RU

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00D220A4280109831C51DFDBA6CE8B0312

File PE Metadata

Compilation timestamp:

10/27/2014 5:53:12 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

49152:ddh8gKOVs8xRCRTYK+7/3iB3Rx5zP3XcFkgCowx:dD8gKWs8xMRTLK/wRP8BC

Entry address:

0x14F29

Entry point:

55, 89, E5, 81, EC, 84, 01, 00, 00, 68, C4, 7D, 3E, 00, E8, 1A, 3D, FF, FF, 8B, 45, 0C, 81, 48, 0C, 00, 80, 00, 00, 59, 5D, C3, 55, 8B, EC, 83, EC, 10, A1, 0C, 62, 43, 00, 53, 8B, C8, 23, CA, 33, DB, 43, 47, 89, 31, 66, 83, 38, 22, 75, 23, A1, 50, 61, 43, 00, 83, F8, FF, 0F, 84, E8, FF, FF, FF, C7, 85, 6C, FE, FF, FF, 08, 00, 00, 00, 6A, 00, 6A, 64, 8B, 4D, 08, 8B, 41, 10, 56, 53, 50, 8D, 45, E8, 6A, 01, 8D, 45, F4, 50, FF, 15, AC, 40, 43, 00, FF, 15, EC, 42, 43, 00, 89, 45, E4, 8B, 45, E4, 83, 60, 70, FD... 
[+]

Code size:

204 KB (208,896 bytes)

The file downloadfilesetup_194uy.exe has been seen being distributed by the following URL.

http://euzcdn.net/windm/.../?carrier_cmd_uri=&referral=tcdbf.0.0.2011.30103c45eac4104&file_name=DownloadFileSetup

Remove downloadfilesetup_194uy.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.