jdownloader-0-9581-es-en-br-fr-de-it-cat-win.exe

Visual Tools

The application jdownloader-0-9581-es-en-br-fr-de-it-cat-win.exe by Visual Tools has been detected as adware by 9 anti-malware scanners. It is a setup program used to install the application. It will display context-specific advertisements in the browser and attempt to modify the browser's search provider. The file has been seen being downloaded from afr.download-stream.net and multiple other hosts.
Publisher:
Visual Tools  (signed and verified)

MD5:
b83f05c7af15d005abd8913662144c6c

SHA-1:
2aa6c51f124af44be29d615dacefbc277142b44a

SHA-256:
677c0dabbfa35726c47a1fb2423652a0067ce194e45499de730b8a9c10230cc0

Scanner detections:
9 / 68

Status:
Adware

Analysis date:
1/13/2025 1:32:07 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | PUA.Toolbar.Babylon | 7.1.1 |
| Dr.Web | Adware.Babylon.14 | 9.0.1.0345 |
| ESET NOD32 | Win32/Toolbar.Babylon (variant) | 7.9026 |
| K7 AntiVirus | Trojan | 13.176.11721 |
| Malwarebytes | PUP.Optional.Babylon | v2013.12.11.11 |
| NANO AntiVirus | Trojan.Win32.Agent.ctknvv | 0.28.0.59048 |
| Reason Heuristics | PUP.VisualTools.m | 14.8.7.21 |
| SUPERAntiSpyware | PUP.Babylon/Variant | 10914 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen | 3.12.24.3 |

File size:
771.1 KB (789,584 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\jdownloader-0-9581-es-en-br-fr-de-it-cat-win.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
1/9/2013 7:00:00 PM

Valid to:
1/10/2015 6:59:59 PM

Subject:
CN=Visual Tools, O=Visual Tools, L=Belgrade, S=Serbia, C=RS

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
789958B0264F06055619270074AFA61F

File PE Metadata
Compilation timestamp:
10/10/2013 8:03:31 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:nj1iGTDCdFbHTpokd4P4ZvL2deNNhJu2nvh:nj1bXCrbHTpfdW4IINxu2vh

Entry address:
0x1C48

Entry point:
55, 8B, EC, 83, E4, F8, B8, 7C, 1A, 00, 00, E8, C8, 62, 00, 00, 53, 56, 33, DB, 57, 8D, 8C, 24, E0, 07, 00, 00, 88, 5C, 24, 0E, C6, 44, 24, 0F, 01, E8, FE, 1A, 00, 00, 53, 89, 9C, 24, 3C, 0A, 00, 00, 89, 9C, 24, 40, 0A, 00, 00, 89, 9C, 24, 44, 0A, 00, 00, C7, 84, 24, 48, 0A, 00, 00, 03, 00, 00, 00, FF, 94, 24, 20, 08, 00, 00, 8D, 8C, 24, E0, 07, 00, 00, 89, 84, 24, 34, 0A, 00, 00, E8, 6D, FA, FF, FF, 8D, 8C, 24, E0, 07, 00, 00, E8, DF, FA, FF, FF, 85, C0, 0F, 85, 05, 01, 00, 00, 8D, 44, 24, 10, 50, 8D, 8C...
 

Entropy:
7.9136

Developed / compiled with:
Microsoft Visual C++

Code size:
30 KB (30,720 bytes)

The file jdownloader-0-9581-es-en-br-fr-de-it-cat-win.exe has been seen being distributed by the following 2 URLs.