fastdownload.exe

The executable fastdownload.exe has been detected as malware by 6 anti-virus scanners. This is a setup program which is used to install the application. This file is typically installed with the program BrowseToSave by BrowseToSave.info (Amazing Apps) which is a potentially unwanted software program. The file has been seen being downloaded from i1.forallwebestv.info and multiple other hosts.
MD5:
b82994cb256839f3f404cafb29060ec6

SHA-1:
b1c2d1dcb88b137401a14285dacb93d116f4be03

SHA-256:
be4a1a6209f8cead40c0ec26297f0e5ceb3c92bd4c68d01a0f8662b873f3a724

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
11/5/2024 11:39:32 AM UTC

Scan engine | Detection | Engine version
Baidu Antivirus | Trojan.Win32.Duckegg | 4.0.3.131216
Bkav FE | W32.Clodd3f.Trojan | 1.3.0.4613
ESET NOD32 | Win32/Duckegg | 7.9171
Norman | Suspicious_Gen2.VNFHM | 11.20131216
Reason Heuristics | Threat.Win.Reputation | 14.4.2.11
XVirus List | Win.Detected | 2.3.31

File size:
84.5 KB (86,528 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\fastdownload.exe

File PE Metadata
Compilation timestamp:
6/27/2012 11:25:07 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
1536:hBU2JUkCUXEsHpxGqdRsKbbbaHT2v3zkp2bUB1GG5cxtYSFDQO:TTUkCUXEsJQq9SHT2RUB1GKEBF

Entry address:
0x19F2

Entry point:
E8, BD, 38, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 68, 68, E2, 40, 00, FF, 15, 0C, E1, 40, 00, 85, C0, 74, 15, 68, 58, E2, 40, 00, 50, FF, 15, A0, E0, 40, 00, 85, C0, 74, 05, FF, 75, 08, FF, D0, 5D, C3, 8B, FF, 55, 8B, EC, FF, 75, 08, E8, C8, FF, FF, FF, 59, FF, 75, 08, FF, 15, B4, E0, 40, 00, CC, 6A, 08, E8, 83, 3A, 00, 00, 59, C3, 6A, 08, E8, A1, 39, 00, 00, 59, C3, 8B, FF, 56, E8, E7, 33, 00, 00, 8B, F0, 56, E8, 3D, 05, 00, 00, 56, E8, 6E, 05, 00, 00, 56, E8, 38, 3D, 00, 00, 56, E8, 23, 3D, 00...
 
Code size:
51.5 KB (52,736 bytes)

The file fastdownload.exe has been discovered within the following program.

BrowseToSave  by BrowseToSave.info (Amazing Apps)
This program is related to other adware browser extensions created by 215 Apps, a known adware developer. It is also a variant of the BrowseToSave program just renamed to help confuse users.
browsetosave.info
79% remove it
 
The file fastdownload.exe has been seen being distributed by the following 12 URLs.

http://i1.forallwebestv.info/.../duckegg.exe

http://i1.installbox1.info/.../duckegg.exe
