filedata

DOWNLOADZONE

The Adlogica setup manager is an installer that bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The file filedata by DOWNLOADZONE has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the Adlogica Downloader installer.
Publisher:
DOWNLOADZONE  (signed and verified)

MD5:
f16df5f1f9ced708a920064f4485e335

SHA-1:
9fe2d7162bd615dbb1812eb7010b87b134a2fa50

SHA-256:
0790b69b2ef6269f6a28a40121ab183ffc1d22215dc7e7d34c97bdb932079905

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Bundles the Mindspark (MyWebSearch/Ask) toolbar, a web browser extension that will modify a user's search and home pages.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/25/2024 1:14:04 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | PUA.Toolbar.MyWebSearch | 7.1.1 |
| avast! | Win32:PUP-gen [PUP] | 2014.9-150304 |
| AVG | AdPlugin | 2016.0.3181 |
| Baidu Antivirus | PUA.Win32.MyWebSearch | 4.0.3.1534 |
| ESET NOD32 | Win32/Toolbar.MyWebSearch.S potentially unwanted (variant) | 9.11168 |
| Fortinet FortiGate | Riskware/Toolbar_MyWebSearch | 3/4/2015 |
| herdProtect (fuzzy) | | 2015.6.11.0 |
| K7 AntiVirus | Unwanted-Program | 13.194.14945 |
| Malwarebytes | PUP.Optional.Downloadster | v2015.03.04.10 |
| McAfee | Artemis!2E7AD3D9ECD8 | 5600.6837 |
| Reason Heuristics | PUP.Bundler.Adlogica | 15.3.4.10 |
| Sophos | Generic PUA CH | 4.98 |
| VIPRE Antivirus | MyWebSearch Toolbar (not malicious) | 37498 |

File size:
820.9 KB (840,600 bytes)

Bundler/Installer:
Adlogica Downloader

Language:
English (United States)

Common path:
C:\users\{user}\downloads\f16df5f1f9ced708a920064f4485e335\filedata

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
9/11/2013 8:00:00 PM

Valid to:
9/12/2015 7:59:59 PM

Subject:
CN=DOWNLOADZONE, O=DOWNLOADZONE, STREET=96 Jessie st, STREET=4th Floor, L=San Francisco, S=CA, PostalCode=94105, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
009B24C5AAB5A6D4FED7E156750E71003D

File PE Metadata
Compilation timestamp:
6/21/2014 10:05:32 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:TuR5EPHvTz3WJ0fZWcynKfFfIrTVRL8SpX1c8y1MmG3ss23atdLEk3H:3f7z3W+ryKNmTESpFc8y2t3ss23ab

Entry address:
0x162E0

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C8, 89, 45, CC, 89, 45, D0, 89, 45, EC, 89, 45, D8, 89, 45, D4, B8, D4, 5E, 41, 00, E8, 12, 00, FF, FF, 33, C0, 55, 68, ED, 64, 41, 00, 64, FF, 30, 64, 89, 20, 33, C0, 55, 68, 8B, 64, 41, 00, 64, FF, 30, 64, 89, 20, 8D, 45, EC, 50, 8D, 45, D8, E8, BE, AF, FF, FF, 8B, 45, D8, 89, 45, DC, C6, 45, E0, 0B, 8D, 55, D4, B8, 08, 00, 00, 00, E8, CF, AF, FF, FF, 8B, 45, D4, 89, 45, E4, C6, 45, E8, 0B, 8D, 55, DC, B9, 01, 00, 00, 00, B8, 04, 65, 41, 00...
 

Entropy:
7.8727

Developed / compiled with:
Microsoft Visual C++

Code size:
85.5 KB (87,552 bytes)
