java_downloader.exe

DOWNLOADZONE

The Adlogica setup manager, an installer that bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The application java_downloader.exe by DOWNLOADZONE has been detected as adware by 14 anti-malware scanners. The program is a setup application that uses the Adlogica Downloader installer. This version of the installer will bundle a Mindspark/MyWebSearch Toolbar, a potentially unwanted web browser extension. With this installer, users are expecting to download the free Oracle Java Runtime but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
DOWNLOADZONE  (signed and verified)

MD5:
9555807e5cb4e274c0b5ae57b899e081

SHA-1:
01cae6bf23372be0ee6807d83037ed1ca1173945

SHA-256:
4c8e57f1c9dcef83b6bf51c6d61806480aaa55702a5dfdb40670cc7ab841cde0

Scanner detections:
14 / 68

Status:
Adware

Explanation:
Bundles the Mindspark (MyWebSearch/Ask) toolbar, a web browser extension that will modify a user's search and home pages.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/5/2024 4:30:02 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.Toolbar.MyWebSearch
7.1.1

avast!
Win32:PUP-gen [PUP]
2014.9-150104

AVG
AdPlugin
2016.0.3240

ESET NOD32
Win32/Toolbar.MyWebSearch (variant)
9.10961

Fortinet FortiGate
Riskware/Toolbar_MyWebSearch
1/4/2015

K7 AntiVirus
Trojan
13.1814525

Malwarebytes
PUP.Optional.Downloadster
v2015.01.04.11

McAfee
Artemis!9555807E5CB4
5600.6896

Panda Antivirus
Trj/CI.A
15.01.04.11

Reason Heuristics
PUP.DOWNLOADZONE.P
15.1.4.11

Sophos
Generic PUA CH
4.98

Trend Micro House Call
TROJ_SPNV.03JS14
7.2.4

Trend Micro
TROJ_SPNV.03JS14
10.465.04

VIPRE Antivirus
Trojan.Win32.Generic
36348

File size:
820.9 KB (840,600 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adlogica Downloader

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\content.ie5\n3y3ymsr\java_downloader.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
9/11/2013 5:00:00 PM

Valid to:
9/12/2015 4:59:59 PM

Subject:
CN=DOWNLOADZONE, O=DOWNLOADZONE, STREET=96 Jessie st, STREET=4th Floor, L=San Francisco, S=CA, PostalCode=94105, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
009B24C5AAB5A6D4FED7E156750E71003D

File PE Metadata
Compilation timestamp:
6/21/2014 7:05:32 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:cuR5EPHvTz/WJ0fZWcynKfFfIrTVRL8SpX1c8y1MmG3ss23atdLEk3h:gf7z/W+ryKNmTESpFc8y2t3ss23aF

Entry address:
0x162E0

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C8, 89, 45, CC, 89, 45, D0, 89, 45, EC, 89, 45, D8, 89, 45, D4, B8, D4, 5E, 41, 00, E8, 12, 00, FF, FF, 33, C0, 55, 68, ED, 64, 41, 00, 64, FF, 30, 64, 89, 20, 33, C0, 55, 68, 8B, 64, 41, 00, 64, FF, 30, 64, 89, 20, 8D, 45, EC, 50, 8D, 45, D8, E8, BE, AF, FF, FF, 8B, 45, D8, 89, 45, DC, C6, 45, E0, 0B, 8D, 55, D4, B8, 08, 00, 00, 00, E8, CF, AF, FF, FF, 8B, 45, D4, 89, 45, E4, C6, 45, E8, 0B, 8D, 55, DC, B9, 01, 00, 00, 00, B8, 04, 65, 41, 00...
 
[+]

Entropy:
7.8728

Developed / compiled with:
Microsoft Visual C++

Code size:
85.5 KB (87,552 bytes)

The file java_downloader.exe has been seen being distributed by the following 2 URLs.

Remove java_downloader.exe - Powered by Reason Core Security