gerenciador-de-download.exe

TECHALPHA LLC

The application gerenciador-de-download.exe by TECHALPHA has been detected as a potentially unwanted program by 19 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from www.holdmyreq.co.
Publisher:
lNEuT4ZbUm4  (signed by TECHALPHA LLC)

Version:
6.3.1.7

MD5:
b62e02b925d52761c8d651ad1f7dc6e6

SHA-1:
9f7d7b1bbf47dba06e95ba4b22a5561888643dac

SHA-256:
a12c81436ebf0c2ebef7efd7f8992cec4818f38427cda0d82e18aeb96fbc62fd

Scanner detections:
19 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2025 2:02:51 AM UTC

Scan engine              Detection                                  Engine version
Lavasoft Ad-Aware        Adware.Adload.G                            5714246
Avira AntiVirus          ADWARE/Adware.Gen7                         8.3.1.6
Arcabit                  Adware.Adload.G                            1.0.0.425
avast!                   Downloader-ACE [PUP]                       150602-1
AVG                      Downloader.NSIS                            2014.0.4311
Bitdefender              Adware.Adload.G                            1.0.20.795
Emsisoft Anti-Malware    Adware.Adload                              10.0.0.5366
ESET NOD32               NSIS/TrojanDownloader.Adload.AM trojan     7.0.302.0
Fortinet FortiGate       Adware/AdloadAM                            6/8/2015
F-Secure                 Adware.Adload.G                            11.2015-08-06_2
G Data                   Adware.Adload                              15.6.25
Kaspersky                UDS:DangerousObject.Multi.Generic          14.0.0.1915
MicroWorld eScan         Adware.Adload.G                            16.0.0.477
Norman                   Adware.Adload.G                            02.06.2015 14:23:46
nProtect                 Adware.Adload.G                            15.06.08.01
Reason Heuristics        PUP.TECHALPHA.Installer (M)                16.2.11.0
Sophos                   PUA 'AdLoad' (of type Adware)              5.15
Vba32 AntiVirus          suspected of Trojan.Downloader.gen.h       3.12.26.4
VIPRE Antivirus          Threat.4785227                             40786

File size:
74.8 KB (76,584 bytes)

Copyright:
lNEuT4ZbUm4di4dulR

Trademarks:
lNEuT4ZbUm4di4du

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\gerenciador-de-download.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
6/4/2015 9:00:00 PM

Valid to:
6/4/2016 8:59:59 PM

Subject:
CN=TECHALPHA LLC, O=TECHALPHA LLC, POBox=19808, STREET=2711 CENTERVILLE ROAD SUITE 400, L=WILMINGTON, S=Delaware, PostalCode=19808, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A64D033CD1A695D074F8F69927DA7C36

File PE Metadata
Compilation timestamp:
12/5/2009 8:50:35 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:8oLDYsacy7mHMowHjXJz5Yksp3GIOjBvi6F9gPQlBYGFikF:8oPyys5jXJz5YkI6jFF9kQjpF

Entry address:
0x323F

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 98, 27, 7A, 00, E8, 09, 2C, 00, 00, A3, E4, 26, 7A, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, DC, 79, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, E0, 1E, 7A, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 80, 7A, 00, 50, 57, E8, AA, 28, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file gerenciador-de-download.exe has been seen being distributed by the following URL.

Powered by Reason Core Security