java.exe

Java

Download Manager, LLC

The application java.exe by Download Manager has been detected as adware by 20 anti-malware scanners. The program is a setup application that uses the AirInstaller Download Manager installer. It installs potentially unwanted software on your PC alongside the software you are trying to install, without adequate consent. Users of this installer expect to download the free Oracle Java Runtime, but before that happens they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Download Manager, LLC  (signed and verified)

Product:
Java

Version:
3.0.0.63

MD5:
72d31a63fb4c1423eb4712d3a1475ce2

SHA-1:
30c19c2b2c134d5a1626be676d658ff149406c76

SHA-256:
aa843cf51cda89f51844de20bfb9ecd8d369af4b41c440fe8388b99c582657f1

Scanner detections:
20 / 68

Status:
Adware

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/25/2024 1:02:44 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.32 | 508 |
| AhnLab V3 Security | PUP/Win32.Bundler | 2015.04.17 |
| Avira AntiVirus | APPL/Downloader.Gen | 7.11.204.208 |
| avast! | Win32:Adware-CKD [PUP] | 2014.9-150915 |
| AVG | Generic | 2016.0.2986 |
| Bitdefender | Gen:Variant.Application.Bundler.32 | 1.0.20.1290 |
| Dr.Web | Trojan.DownLoader12.11416 | 9.0.1.0258 |
| Emsisoft Anti-Malware | Gen:Variant.Application.Bundler.32 | 8.15.09.15.11 |
| ESET NOD32 | Win32/DownloadAssistant.A potentially unwanted application | 9.7.0.302.0 |
| F-Secure | Riskware.Gen:Variant.Application.Bundler | 11.2015-15-09_3 |
| G Data | Gen:Variant.Adware.Mikey.3502 | 15.9.25 |
| K7 AntiVirus | Trojan | 13.202.15623 |
| MicroWorld eScan | Gen:Variant.Application.Bundler.32 | 16.0.0.774 |
| NANO AntiVirus | Trojan.Win32.DownloadAssistant.dmjgez | 0.30.0.64812 |
| Norman | Gen:Variant.Application.Bundler.32 | 11.20150915 |
| Panda Antivirus | Trj/Genetic.gen | 15.09.15.11 |
| Reason Heuristics | PUP.Air Software.DRD Ventures.Bundler (M) | 15.9.15.11 |
| Rising Antivirus | PE:Malware.Graftor!6.1D1F | 23.00.65.15913 |
| VIPRE Antivirus | Threat.4782985 | 36694 |
| Zillya! Antivirus | Adware.AirAdInstaller.Win32.809 | 2.0.0.2141 |

File size:
784.6 KB (803,448 bytes)

Product version:
3.0.0.63

Copyright:
(c) Download Manager, LLC

Original file name:
java.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
AirInstaller Download Manager

Language:
English (United States)

Common path:
C:\users\{user}\downloads\java.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
12/13/2014 7:00:00 PM

Valid to:
12/13/2016 6:59:59 PM

Subject:
CN="Download Manager, LLC", O="Download Manager, LLC", L=Elkhart, S=Indiana, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2E237E5FB17FCF829CCA0A9B6176FC0B

File PE Metadata
Compilation timestamp:
1/6/2015 6:49:19 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:Ufgs8zfYy3or6tZekSG6RlYv1m4UOMcSm09HHs:UfgsqNSG6Yv1m4UlcN09s

Entry address:
0x4CD0F

Entry point:
E8, 4E, 1A, 01, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, 20, 4F, 4A, 00, 00, 74, 05, E9, B1, 1A, 01, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7, 01, 83, EA, 01, 75, F6...
 

Entropy:
7.1139

The file java.exe has been seen being distributed by the following URL.
