idm.v6.xx.release.3-patch.exe

The application idm.v6.xx.release.3-patch.exe has been detected as a potentially unwanted program by 19 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler. This file is typically installed with the program QUICKfind server v1.1 by IDM Computer Solutions, Inc. The file has been seen downloaded from dl-web.dropbox.com and multiple other hosts.

MD5: 02106a846c69468db29f2137203857e0
SHA-1: b028922f390c56f5848be3ff3d3507f5c07f87b5
SHA-256: e1ff2ecf46db4b9fde9b061cdd0c055dbca2755dc0500bf6c7d1a3284cb46d35
Scanner detections: 19 / 68
Status: Potentially unwanted
Analysis date: 11/5/2024 8:24:20 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Riskware.HackTool | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Gen | 2013.12.23 |
| AVG | HackTool | 2014.0.3617 |
| Bkav FE | W32.Clode97.Trojan | 1.3.0.4613 |
| Comodo Security | Application.Win32.PatchIDM.~ADP | 17483 |
| ESET NOD32 | Win32/HackTool.Patcher (variant) | 7.9190 |
| IKARUS anti.virus | not-a-virus.Patch.IDM | t3scan.2.2.29 |
| K7 AntiVirus | Riskware | 13.174.10588 |
| Malwarebytes | PUP.Hacktool.Patcher | v2013.12.22.07 |
| McAfee | Generic.dx!02106A846C69 | 5600.7273 |
| Microsoft Security Essentials | HackTool:Win32/Patch | 1.165.247.01 |
| MicroWorld eScan | Win32/HackTool.Patcher.T | 14.0.0.1068 |
| Norman | keygen.X | 11.20131222 |
| Quick Heal | HackTool.Patch (Not a Virus) | 12.13.12.00 |
| Reason Heuristics | Unnamed.Threat.36 | 14.3.2.16 |
| Sophos | Mal/Agent-ACR | 4.96 |
| Trend Micro House Call | CRCK_PATCHER | 7.2.356 |
| Trend Micro | CRCK_PATCHER | 10.465.22 |
| VIPRE Antivirus | Trojan.Win32.Generic | 24638 |

File size: 622.5 KB (637,440 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\appdata\local\temp\{random}.tmp\idm.v6.xx.release.3-patch.exe

File PE Metadata

Compilation timestamp: 2/22/2011 9:44:08 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 5.12
CTPH (ssdeep): 6144:4putRkQsfiV1EBv/VVNa1msyuP06HK74o1e9UjjEW5ls6UFC3Ig/sqvGfqX+wYK2:vt+fi4vNVAEuhHy4ocnOscYpeFenC3Q
Entry address: 0x3D86
Entry point: B8, 90, 2B, 57, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, EE, 75, C8, DA, 10, 20, 65, CC, 87, CB, 79, 9A, CD, 52, F0, 5E, F5, F4, 8E, DC, DC, C8, 08, BB, 3D, 33, 9D, 56, B2, 2A, 40, A1, D7, D1, 7C, D3, 11, 74, 66, C5, 8F, 32, B1, A0, 81, D4, 31, 7B, E6, B3, E5, 86, 6D, B3, D1, 1A, 1E, 19, 4C, 01, 3E, C7, 15, EE, 65, 90, F9, 8E, 60, AD, 09, 70, C0, F7, B1, 9B, E9, 1B, 02, E1, 09, 15, 8B, 0F, 92, 36, CC, 2C, 1F, 43, 76, 60, 14...
Entropy: 6.5261
Packer / compiler: PECompact v2
Code size: 35 KB (35,840 bytes)

Scheduled Task

Task name: {44530D2E-98CA-464A-BF07-775BFD4ABD4E}
Trigger: Registration (Runs on registration)


The file idm.v6.xx.release.3-patch.exe has been discovered within the following program.

QUICKfind server v1.1 by IDM Computer Solutions, Inc.
Publisher's description - “QuickFind is the app if you want to search on multiple sites at the same time. QuickFind offers you the most used sites in the palm of your hand. It allows you to search multiple sites at the same time and it uses the Browse Line to navigate your results.”
About 5% of users remove it

The file idm.v6.xx.release.3-patch.exe has been seen being distributed by the following 7 URLs.

https://dl-web.dropbox.com/.../IDM.vbasem elhlawany.exe

https://doc-04-6o-docs.googleusercontent.com/docs/securesc/egvecplb3umtqpfobeqcqb71bljkeoq2/g3m88c072p6ql6a5h002csibq28tuj2f/1477504800000/.../15239175778461031598/0B_eC0dB_Yj4uLTJuMDNDNXAydWs?e=download

temp:IDM.v6.xx.release.3-patch.exe

http://205.196.120.130/ta7d0lad1qvg/.../Patch IDM.exe
