» filedata
Overview
Analysis
File Details

filedata

DOWNLOADZONE

The Adlogica setup manager, an installer that bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The file filedata by DOWNLOADZONE has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the Adlogica Downloader installer.

File name:

filedata

Publisher:

DOWNLOADZONE (signed and verified)

MD5:

f16df5f1f9ced708a920064f4485e335

SHA-1:

9fe2d7162bd615dbb1812eb7010b87b134a2fa50

SHA-256:

0790b69b2ef6269f6a28a40121ab183ffc1d22215dc7e7d34c97bdb932079905

Scanner detections:

13 / 68

Status:

Adware

Explanation:

Bundles the Mindspark (MyWebSearch/Ask) toolbar, a web browser extension that will modify a user's search and home pages.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

11/5/2024 4:41:11 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

PUA.Toolbar.MyWebSearch

7.1.1

avast!

Win32:PUP-gen [PUP]

2014.9-150304

AVG

AdPlugin

2016.0.3181

Baidu Antivirus

PUA.Win32.MyWebSearch

4.0.3.1534

ESET NOD32

Win32/Toolbar.MyWebSearch.S potentially unwanted (variant)

9.11168

Fortinet FortiGate

Riskware/Toolbar_MyWebSearch

3/4/2015

herdProtect (fuzzy)

variant of chrome_setup.exe (Adware)

2015.6.11.0

K7 AntiVirus

Unwanted-Program

13.194.14945

Malwarebytes

PUP.Optional.Downloadster

v2015.03.04.10

McAfee

Artemis!2E7AD3D9ECD8

5600.6837

Reason Heuristics

PUP.Bundler.Adlogica

15.3.4.10

Sophos

Generic PUA CH

4.98

VIPRE Antivirus

MyWebSearch Toolbar (not malicious)

37498

File size:

820.9 KB (840,600 bytes)

Bundler/Installer:

Adlogica Downloader

Language:

English (United States)

Common path:

C:\users\{user}\downloads\f16df5f1f9ced708a920064f4485e335\filedata

Digital Signature

Signed by:

DOWNLOADZONE

Authority:

COMODO CA Limited

Valid from:

9/11/2013 8:00:00 PM

Valid to:

9/12/2015 7:59:59 PM

Subject:

CN=DOWNLOADZONE, O=DOWNLOADZONE, STREET=96 Jessie st, STREET=4th Floor, L=San Francisco, S=CA, PostalCode=94105, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

009B24C5AAB5A6D4FED7E156750E71003D

File PE Metadata

Compilation timestamp:

6/21/2014 10:05:32 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:TuR5EPHvTz3WJ0fZWcynKfFfIrTVRL8SpX1c8y1MmG3ss23atdLEk3H:3f7z3W+ryKNmTESpFc8y2t3ss23ab

Entry address:

0x162E0

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C8, 89, 45, CC, 89, 45, D0, 89, 45, EC, 89, 45, D8, 89, 45, D4, B8, D4, 5E, 41, 00, E8, 12, 00, FF, FF, 33, C0, 55, 68, ED, 64, 41, 00, 64, FF, 30, 64, 89, 20, 33, C0, 55, 68, 8B, 64, 41, 00, 64, FF, 30, 64, 89, 20, 8D, 45, EC, 50, 8D, 45, D8, E8, BE, AF, FF, FF, 8B, 45, D8, 89, 45, DC, C6, 45, E0, 0B, 8D, 55, D4, B8, 08, 00, 00, 00, E8, CF, AF, FF, FF, 8B, 45, D4, 89, 45, E4, C6, 45, E8, 0B, 8D, 55, DC, B9, 01, 00, 00, 00, B8, 04, 65, 41, 00... 
[+]

Entropy:

7.8727

Developed / compiled with:

Microsoft Visual C++

Code size:

85.5 KB (87,552 bytes)

Remove filedata - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.