installer_jdownloader_one.exe

Appwork GmbH

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application installer_jdownloader_one.exe by Appwork GmbH has been detected as a potentially unwanted program by 4 anti-malware scanners. The program is a setup application that uses the installCore installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from dl.jdcdn.org and multiple other hosts.
Publisher:
Appwork GmbH  (signed and verified)

MD5:
6fe2e0dc2d6c1012f1a548410305f5c4

SHA-1:
0b19e14386c891c0a3f642e6d0da1514abdf8904

SHA-256:
fd0caf1dff0b4747770133bfe0a89fd5b0e3b1872b70ee0c4003f3ea90dc8353

Scanner detections:
4 / 68

Status:
Potentially unwanted

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/23/2024 7:43:04 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AVG | Generic | 2015.0.3265 |
| herdProtect (fuzzy) | | 2014.12.10.5 |
| Reason Heuristics | PUP.AppworkGmbH.Z | 14.9.28.21 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3 |

File size:
161.2 KB (165,072 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\public\public documents\temporary internet files\content.ie5\{random}\installer_jdownloader_one.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
8/14/2014 5:00:00 PM

Valid to:
8/15/2015 4:59:59 PM

Subject:
CN=Appwork GmbH, O=Appwork GmbH, L=Fürth, S=Bayern, C=DE

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
0091626FD168636EDD78A174E8B75DAC

File PE Metadata
Compilation timestamp:
5/11/2014 1:03:42 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:B4URpNUUX6z/DBXJfg7BtNy9OF/mvvlz9pGJI6pXOp42JTLNRA92ajWHDuZd:B4SUjhto7Ny9rGJI6YCMTU8Zjw

Entry address:
0x30E2

Entry point:
81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 90, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, 1C, 71, 40, 00, 53, FF, 15, 8C, 72, 40, 00, 6A, 08, A3, 58, E4, 42, 00, E8, 95, 2D, 00, 00, A3, A4, E3, 42, 00, 53, 8D, 44, 24, 38, 68, 60, 01, 00, 00, 50, 53, 68, E0, 87, 42, 00, FF, 15, 64, 71, 40, 00, 68, 80, 91, 40, 00, 68, A0, DB, 42, 00, E8, 3F, 2A, 00, 00, FF, 15, 20, 71, 40, 00, BD, 00, 40, 43, 00, 50, 55, E8, 2D, 2A...
 

Entropy:
6.9862

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file installer_jdownloader_one.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 105 download URLs
