install jdownloader 2 beta.exe

Appwork GmbH

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application install jdownloader 2 beta.exe by Appwork GmbH has been detected as a potentially unwanted program by 3 anti-malware scanners. The program is a setup application that uses the installCore installer. The file has been seen being downloaded from fetch.jdcdn.org. While running, it connects to the Internet address installer.jdownloader.org on port 80 using the HTTP protocol.
Publisher:
Appwork GmbH  (signed and verified)

MD5:
337e46305b652727aad401ac3875d608

SHA-1:
b50a6340139c3c602b317b84b942e2323dd15acf

SHA-256:
62a584b80d8ae6ec6ab87d6626985cc92c824a13ce2707b22c4ea83e982ca48c

Scanner detections:
3 / 68

Status:
Potentially unwanted

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/27/2024 12:31:25 AM UTC

Scan engine | Detection | Engine version
Qihoo 360 Security | HEUR/QVM42.0.Malware.Gen | 1.0.0.1015
Reason Heuristics | PUP.AppworkGmbH.AA | 14.11.11.4
Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3

File size:
289.2 KB (296,144 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Nullsoft Install System)

Language:
Language Neutral

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
8/15/2014 2:00:00 AM

Valid to:
8/16/2015 1:59:59 AM

Subject:
CN=Appwork GmbH, O=Appwork GmbH, L=Fürth, S=Bayern, C=DE

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
0091626FD168636EDD78A174E8B75DAC

File PE Metadata
Compilation timestamp:
5/11/2014 10:03:42 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:q4SUjhto7N7OrGDxbMUodl8FrOrEIbHX1tEQ+8QFG5vrp:Nae85OXj5vrp

Entry address:
0x30E2

Entry point:
81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 90, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, 1C, 71, 40, 00, 53, FF, 15, 8C, 72, 40, 00, 6A, 08, A3, 58, E4, 42, 00, E8, 95, 2D, 00, 00, A3, A4, E3, 42, 00, 53, 8D, 44, 24, 38, 68, 60, 01, 00, 00, 50, 53, 68, E0, 87, 42, 00, FF, 15, 64, 71, 40, 00, 68, 80, 91, 40, 00, 68, A0, DB, 42, 00, E8, 3F, 2A, 00, 00, FF, 15, 20, 71, 40, 00, BD, 00, 40, 43, 00, 50, 55, E8, 2D, 2A...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file install jdownloader 2 beta.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to installer.jdownloader.org  (85.131.130.148:80)
