» installplus500.exe
Overview
Analysis
File Details
Behaviors (1)
Downloads (2)

installplus500.exe

Downloader

Plus500 LTD

This is a setup program which is used to install the application. This is the uninstaller utility registered in the Windows Control Panel for the program Plus500. The file has been seen being downloaded from download.plus500.ee and multiple other hosts.

File name:

installplus500.exe

Publisher:

Plus500 LTD (signed and verified)

Product:

Downloader

Version:

24, 24, 24, 24

MD5:

7a2c25d387baf5d1866857fa221c69b4

SHA-1:

8e1418ca2c0a143f4b894969be1e2747814d40e0

SHA-256:

db474e115d6bb999d9e59fdd2ba88c970a93677e4e7dd87dbb2f3b5d52534c26

Scanner detections:

2 / 68

Status:

Clean (2 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

12/26/2024 1:54:31 AM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Adware.Downware.9669

9.0.1.049

Trend Micro House Call

HV_ZYX_BK08273A.TOMC

7.2.49

File size:

375.5 KB (384,488 bytes)

Product version:

24, 24, 24, 24

Original file name:

Downloader.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\installplus500.exe

Digital Signature

Signed by:

Plus500 LTD

Authority:

Thawte, Inc.

Valid from:

4/20/2014 3:00:00 AM

Valid to:

7/10/2016 2:59:59 AM

Subject:

CN=Plus500 LTD, O=Plus500 LTD, L=Haifa, S=Israel, C=IL

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

031183F8BA44C6DB1F7305BE0C6A6689

File PE Metadata

Compilation timestamp:

2/24/2014 2:25:52 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

6144:8br4/Uu59fyzp+V7uYQshpFT9Si2o0Yo+155ZZ:I8/Uu59fMpQ7LQshpxxz0D+155

Entry address:

0x30D7E

Entry point:

E8, 10, B5, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 28, 53, 56, FF, 75, 0C, 8D, 4D, F0, E8, 4B, F6, FF, FF, 8B, 75, 08, 33, DB, 3B, F3, 75, 28, E8, C5, 26, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, 10, DC, FF, FF, 83, C4, 14, 38, 5D, FC, 74, 07, 8B, 45, F8, 83, 60, 70, FD, D9, EE, EB, 61, 8B, 45, F0, 83, B8, AC, 00, 00, 00, 01, 7E, 14, 8D, 45, F0, 50, 0F, B6, 06, 6A, 08, 50, E8, C6, A8, 00, 00, 83, C4, 0C, EB, 10, 0F, B6, 0E, 8B, 80, C8, 00, 00, 00, 0F, B7, 04, 48, 83, E0, 08... 
[+]

Code size:

287 KB (293,888 bytes)

Program Uninstaller

Program name:

Plus500

Uninstall string:

C:\Program Files (x86)\Plus500\Plus500.exe /uninstall

The file installplus500.exe has been seen being distributed by the following 2 URLs.

http://download.plus500.ee/DownloadService.svc/InstallNewDownloader?bid=0&hl=et&id=59553&tags=g_sr EstoniaSearchEng_cp Bitcoins_ag buy**bitcoin_ks Phrase_mt g_nt c_de &refurl=http://www.googleadservices.com/pagead/aclk?sa=L&ai=Co8oxBXKwVNCwLuXOiwa-soKwC4efspMGx4qdu5AB0obwpWUIABABKAJg6gGgAeGphd4DyAEBqQI4Huueh96zPqoEKE_Qdm2Esp2ekrByuGz7LMngniwLiH8l39X0ABAJx_NQbsFtMeRZw-iIBgGAB4fW-iGQBwOoB6a-Gw&ohost=www.google.ee&cid=5Gidq7zGBCWkuPGm3a4NUJnV2_j91MNqO5NqDT1d9bVZ0w&sig=AOD64_36pQ44_hBzXT3MLWACgrYNyS8qww&rct=j&q=&ved=0CCEQ0Qw&adurl=http://www.plus500.ee/Instruments/.../?id=59553&tags=g_sr EstoniaSearchEng_cp Bitcoins_ag buy**bitcoin_ks Phrase_mt g_nt c_de &א&gclid=CNT608GViMMCFXQatAodrDcA6g

Scan installplus500.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.