installer_jdownloader_english.exe

The executable installer_jdownloader_english.exe has been detected as malware by 36 anti-virus scanners. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. Infected by an entry-point obscuring polymorphic file infector which will create a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from download.secure.edgesuite.net and multiple other hosts.
MD5:
1514a9fc1a6c9adefe1e7d3af0d5bf9f

SHA-1:
75d5e559beea8dd27bccf9dd5a67bca011661592

SHA-256:
18865efded85d2a125bf6d7b4169470aa3627f9fd1718402878e5b6d852c3236

Scanner detections:
36 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
11/27/2024 8:59:30 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Win32.Sality.3
6143770

Agnitum Outpost
Win32.Sality.BL
7.1.1

AhnLab V3 Security
Win32/Kashu.E
2014.12.16

Avira AntiVirus
W32/Sality.AT
7.11.195.250

avast!
Win32:SaliCode
141214-1

AVG
Win32/Sality
2014.0.4189

Baidu Antivirus
Virus.Win32.Sality.$Emu
4.0.3.141216

Bitdefender
Win32.Sality.3
1.0.20.1750

Bkav FE
W32.Sality.PE
1.3.0.6267

Comodo Security
Virus.Win32.Sality.Gen
20383

Dr.Web
Win32.Sector.22
9.0.1.05190

Emsisoft Anti-Malware
Win32.Sality
9.0.0.4668

ESET NOD32
Win32/Sality.NBA virus
7.0.302.0

F-Prot
W32/Sality.gen2
4.6.5.141

F-Secure
Win32.Sality.3
5.13.68

G Data
Win32.Sality
14.12.24

IKARUS anti.virus
Virus.Win32.Sality
t3scan.1.8.5.0

K7 AntiVirus
Virus
13.187.14339

Kaspersky
Virus.Win32.Sality
15.0.0.543

McAfee
Trojan.Artemis!6593DF939E1A
16.8.708.2

Microsoft Security Essentials
Threat.Undefined
1.189.2207.0

MicroWorld eScan
Win32.Sality.3
15.0.0.1050

NANO AntiVirus
Virus.Win32.Sality.beygb
0.28.6.64267

Norman
Win32.Sality.3
04.12.2014 14:30:06

nProtect
Virus/W32.Sality.D
14.12.15.01

Panda Antivirus
W32/Sality.AA
14.12.16.02

Qihoo 360 Security
Malware.QVM19.Gen
1.0.0.1015

Quick Heal
W32.Sality.U
12.14.14.00

Rising Antivirus
PE:Win32.KUKU.kt!1591113
23.00.65.141214

Sophos
Virus 'Mal/Sality-D'
5.08

Total Defense
Win32/Sality.AA
37.0.11332

Trend Micro House Call
PE_SALITY.RL
7.2.350

Trend Micro
PE_SALITY.RL
10.465.16

Vba32 AntiVirus
Virus.Win32.Sality.bakc
3.12.26.3

VIPRE Antivirus
Threat.4721115
35418

ViRobot
Win32.Sality.N[h]
2014.3.20.0

File size:
861.5 KB (882,224 bytes)

Product version:
1.5

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\installer_jdownloader_english.exe

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:jKFcsDsENy3+ZSijrkfj0NF3I1zG8gnqZuDUYp799Sp:jYpUrijrkfjOF41hgq4UYD8

Entry address:
0x9C40

Entry point:
0A, D2, 2C, 6C, F6, C1, A3, C7, C1, FF, 00, D1, E6, 69, C8, EB, 8A, A3, 03, B7, F4, BE, 1B, D5, AC, B5, 86, CB, 68, 10, AA, DA, 00, 68, C7, 1B, FB, 00, 0F, BE, D1, E8, 00, 00, 00, 00, 5B, 0F, B7, CD, 74, 09, 69, F0, 02, 66, 82, BF, C6, C6, AC, F6, C0, 48, F2, B2, 28, 0F, BE, C2, 8D, 0D, E7, 0B, 26, 02, 8D, 2D, 67, 74, 14, 64, 81, E6, A9, 03, 04, A5, BA, D5, CD, 07, 00, 0F, BE, C9, 81, F2, 7A, 39, 00, 00, 8D, 35, 92, BE, DD, 10, 0B, C6, 13, C3, 81, F2, AA, 0A, 00, 00, 80, F5, 9E, 8B, CE, C7, C1, CB, 0D, 0B...
 
[+]

Entropy:
7.9011  (probably packed)

Code size:
37 KB (37,888 bytes)

The file installer_jdownloader_english.exe has been seen being distributed by the following 7 URLs.

Remove installer_jdownloader_english.exe - Powered by Reason Core Security