JDownloader2Update.exe

JDownloader Update

Appwork GmbH

JDownloader2Update.exe, described in its file properties as “JDownloader 2 Update Launcher” by Appwork GmbH, has been flagged as a potentially unwanted program by 3 anti-malware scanners. The file is a setup application built on the InstallCore download manager, which may bundle additional offers (ad-supported toolbars, browser extensions and utilities) into the setup routine alongside the program the user actually asked for.
Publisher:
Appwork GmbH  (signed and verified)

Product:
JDownloader Update

Description:
JDownloader 2 Update Launcher

Version:
2.0.0.0

MD5:
c1757ee315fc750e36cc5b44b72e7b2d

SHA-1:
52e9176d1d5d05503c993a555ed97512767c2559

SHA-256:
857fd91a23c4a99c2b50c8d7075fdd0d7b18efd57121ce322e4815108bbe9e20

Scanner detections:
3 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware or downloadware: a downloader designed to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
11/5/2024 1:45:06 PM UTC

Scan engine         Detection                 Engine version
Avira AntiVirus     TR/ATRAPS.Gen             7.11.30.172
Dr.Web              Trojan.InstallCore.29     9.0.1.097
Reason Heuristics   PUP.Bundler.installCore   15.4.7.6

File size:
228.2 KB (233,720 bytes)

Product version:
2.0

Copyright:
Copyright AppWork GmbH

Original file name:
JDownloader2Update.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\Application data\jdownloader 2.0\jdownloader2update.exe

Digital Signature
Signed by:
Appwork GmbH
Authority:
thawte, Inc.

Valid from:
1/28/2015 1:00:00 AM

Valid to:
1/29/2016 12:59:59 AM

Subject:
CN=Appwork GmbH, O=Appwork GmbH, L=Fürth, S=Bayern, C=DE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
5CA15B949EC0CBCECEB7C57981B033A8

File PE Metadata
Compilation timestamp:
9/24/2014 10:15:09 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:fLBunHbFXO6AOitdNu/S51MOY+zAwFiKXjHtu0:fLB0FF6dc/S5yOY+zbF1r

Entry address:
0x11AFE

Entry point:
E8, 21, AC, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, 38, CC, 42, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, 3C, CC, 42, 00, 5D, C3, 05, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8, 1B, C0, 23, C1, 83, C0, 08, 5D, C3, E8, EA, 07, 00, 00, 85, C0, 75, 06, B8, A0, CD, 42, 00, C3, 83, C0, 08, C3, E8, D7, 07, 00, 00, 85, C0, 75, 06, B8, A4, CD, 42, 00, C3, 83, C0, 0C, C3, 8B, FF, 55, 8B, EC, 56, E8, E2, FF, FF, FF, 8B, 4D, 08...

Code size:
142.5 KB (145,920 bytes)
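The fields above (compilation timestamp, OS version, bitness, subsystem, linker version, entry address, entry-point bytes and code size) all come straight out of the PE headers. The parser below, added here as an example and not code from the original report or from Appwork, extracts them with the standard library only, following the Microsoft PE/COFF layout. Because the real file is not part of this page, the sample image it parses is constructed: a header-only PE32 with one .text section, populated with the values listed above (including the 16 entry-point bytes). Pass a real path on the command line to run it against an actual binary.

```python
"""Minimal PE header parser (example code; not from the report or from Appwork).
It extracts the fields listed under "File PE Metadata" using only the standard
library. The sample image built below is constructed and merely carries the
report's values; it is not the real JDownloader2Update.exe."""
import struct
import sys
from datetime import datetime, timezone

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def rva_to_offset(rva, sections):
    """Map a relative virtual address to a file offset through the section table."""
    for va, raw_size, raw_ptr in sections:
        if va <= rva < va + raw_size:
            return raw_ptr + (rva - va)
    raise ValueError("RVA 0x%X is not backed by any section" % rva)


def parse_pe(data):
    """Return the report's PE metadata fields for the image bytes in `data`."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    # COFF file header (20 bytes) follows the signature.
    _machine, nsec, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt = pe_off + 24
    magic, lmaj, lmin, size_of_code = struct.unpack_from("<HBBI", data, opt)
    bitness = {0x10B: "Win32", 0x20B: "Win64"}[magic]
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    # MajorOperatingSystemVersion/Minor sit at +40/+42 and Subsystem at +68 in both
    # PE32 and PE32+: the two layouts only diverge at BaseOfData/ImageBase.
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    # Section table follows the optional header; entries are 40 bytes and the
    # VirtualAddress / SizeOfRawData / PointerToRawData triple starts at +12.
    sec_off = opt + opt_size
    sections = [struct.unpack_from("<III", data, sec_off + i * 40 + 12) for i in range(nsec)]
    entry_off = rva_to_offset(entry_rva, sections)
    return {
        "compile_time": datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "os_version": "%d.%d" % (os_major, os_minor),
        "bitness": bitness,
        "subsystem": SUBSYSTEMS.get(subsystem, "unknown (%d)" % subsystem),
        "linker_version": "%d.%d" % (lmaj, lmin),
        "entry_address": "0x%X" % entry_rva,
        "entry_point": ", ".join("%02X" % b for b in data[entry_off:entry_off + 16]),
        "code_size": size_of_code,
    }


def build_sample_image():
    """Constructed PE32 image (headers + one .text section) carrying the report's values."""
    text_va, text_raw_ptr, text_raw_size = 0x1000, 0x400, 0x23A00   # 0x23A00 = 145,920 bytes
    entry_rva = 0x11AFE
    img = bytearray(text_raw_ptr + text_raw_size)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                          # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    # COFF header: i386, 1 section, 2014-09-24 10:15:09 UTC, 224-byte optional header.
    struct.pack_into("<HHIIIHH", img, 0x44, 0x14C, 1, 1411553709, 0, 0, 224, 0x0102)
    opt = 0x58
    struct.pack_into("<HBBIIIIIIIIIHHHHHHIIIIHHIIIIII", img, opt,
                     0x10B, 9, 0,                 # PE32 magic, linker 9.0
                     text_raw_size, 0, 0,         # SizeOfCode, initialized/uninitialized data
                     entry_rva, text_va, 0,       # AddressOfEntryPoint, BaseOfCode, BaseOfData
                     0x400000, 0x1000, 0x200,     # ImageBase, SectionAlignment, FileAlignment
                     5, 0, 0, 0, 5, 0,            # OS 5.0, image 0.0, subsystem 5.0
                     0, 0x25000, 0x400, 0,        # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
                     2, 0,                        # Subsystem 2 = Windows GUI, DllCharacteristics
                     0x100000, 0x1000, 0x100000, 0x1000, 0, 16)  # stack/heap, LoaderFlags, NumberOfRvaAndSizes
    sec = opt + 224                               # 16 zeroed data directories precede the section table
    img[sec:sec + 8] = b".text\0\0\0"
    struct.pack_into("<IIII", img, sec + 8, text_raw_size, text_va, text_raw_size, text_raw_ptr)
    # The 16 bytes the report shows at the entry point.
    entry = bytes.fromhex("E821AC0000E978FEFFFF8BFF558BEC8B")
    off = text_raw_ptr + (entry_rva - text_va)
    img[off:off + len(entry)] = entry
    return bytes(img)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_image()
    for key, value in parse_pe(blob).items():
        print("%-15s %s" % (key, value))
```

The compilation timestamp is the one field here worth treating with suspicion: it is a plain 32-bit integer set by the linker and is trivially forged, so a date that disagrees with the signing certificate's validity window (here 1/28/2015 to 1/29/2016) or with the signature's countersignature timestamp is a prompt to look closer, not proof of anything on its own.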

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to cdn4.appwork.org  (176.9.34.43:80)

TCP (HTTP SSL):
Connects to vip060.ssl.hwcdn.net  (205.185.208.60:443)

TCP (HTTP SSL):
Connects to www.1fichier.com  (5.39.224.140:443)

TCP (HTTP SSL):
Connects to lu5.api.mega.nz  (31.216.147.136:443)

TCP (HTTP):
Connects to cdn5.appwork.org  (46.4.126.3:80)

TCP (HTTP):
Connects to userscloud.com  (188.213.242.146:80)

TCP (HTTP):
Connects to static.139.123.201.138.clients.your-server.de  (138.201.123.139:80)

TCP (HTTP):
Connects to mail.appwork.org  (176.9.43.113:80)

TCP (HTTP SSL):
Connects to lu3.api.mega.nz  (31.216.147.134:443)

TCP (HTTP SSL):
Connects to lu1.api.mega.nz  (31.216.147.132:443)

TCP (HTTP SSL):
Connects to hosted-by.hostspicy.com  (103.194.169.171:443)

TCP (HTTP SSL):
Connects to a-33.1fichier.com  (5.39.224.33:443)

TCP (HTTP):
Connects to v-5-20-30-d3373-110.webazilla.com  (188.42.231.110:80)

TCP (HTTP SSL):
Connects to mad06s25-in-f14.1e100.net  (216.58.201.142:443)

TCP (HTTP):
Connects to mad06s10-in-f174.1e100.net  (216.58.210.174:80)

TCP (HTTP SSL):
Connects to dh-in-f91.1e100.net  (209.85.203.91:443)

TCP (HTTP):
Connects to cds715.mia.llnw.net  (69.164.27.210:80)

TCP (HTTP):
Connects to api.jdownloader.org  (88.99.115.46:80)

TCP (HTTP SSL):
Connects to a-32.1fichier.com  (5.39.224.32:443)

TCP (HTTP SSL):
Connects to a-28.1fichier.com  (5.39.224.28:443)
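The list above mixes three kinds of destination: the vendor's own update and CDN hosts (appwork.org, jdownloader.org), the file hosts a download manager is expected to talk to (1fichier.com, mega.nz, userscloud.com), and reverse-DNS names of shared CDN and Google address space (1e100.net, hwcdn.net, llnw.net) that say little on their own. The example below, added here and not code from the original report, turns entries in the report's "Connects to host (ip:port)" format into indicators and matches them against proxy log lines, tagging each hit as vendor or third-party so that hits can be triaged rather than blanket-blocked. The report excerpt and the proxy log are constructed, and the choice of appwork.org and jdownloader.org as vendor domains is an assumption made here from the publisher name.

```python
"""IOC extraction and proxy-log matching (example code; not from the report).
The report excerpt and the proxy log lines are constructed. Treating
appwork.org and jdownloader.org as vendor infrastructure is an assumption
of this example, inferred from the publisher name."""
import ipaddress
import re
from collections import namedtuple

Indicator = namedtuple("Indicator", "proto host ip port")

# Constructed excerpt: four of the report's "Connects to" entries, in the report's format.
REPORT_EXCERPT = """\
TCP (HTTP):
Connects to cdn4.appwork.org  (176.9.34.43:80)

TCP (HTTP SSL):
Connects to www.1fichier.com  (5.39.224.140:443)

TCP (HTTP):
Connects to api.jdownloader.org  (88.99.115.46:80)

TCP (HTTP SSL):
Connects to mad06s25-in-f14.1e100.net  (216.58.201.142:443)
"""

# Constructed proxy log: "<timestamp> <client> <dest host:port> <dest ip>".
PROXY_LOG = """\
2024-11-05T13:45:06Z 10.0.0.12 cdn4.appwork.org:80 176.9.34.43
2024-11-05T13:45:09Z 10.0.0.12 www.1fichier.com:443 5.39.224.140
2024-11-05T13:45:11Z 10.0.0.12 example.com:443 93.184.216.34
2024-11-05T13:45:15Z 10.0.0.40 api.jdownloader.org:80 88.99.115.46
"""

VENDOR_DOMAINS = ("appwork.org", "jdownloader.org")   # assumption, see lead-in

ENTRY_RE = re.compile(
    r"^(TCP \([^)]*\)):\s+Connects to (\S+)\s+\((\d{1,3}(?:\.\d{1,3}){3}):(\d+)\)", re.M)


def parse_indicators(text):
    """Turn the report's network section into (proto, host, ip, port) indicators."""
    out = []
    for proto, host, ip, port in ENTRY_RE.findall(text):
        ipaddress.ip_address(ip)             # reject malformed addresses early
        out.append(Indicator(proto, host.lower(), ip, int(port)))
    return out


def classify(host):
    """Vendor hosts are expected traffic for an updater; anything else needs triage."""
    for domain in VENDOR_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return "vendor"
    return "third-party"


def match_log(indicators, log_text):
    """Return proxy-log hits on the indicators, matched by host name or by ip:port."""
    by_host = {i.host: i for i in indicators}
    # ip:port matches are weaker than host matches: the report's 1e100.net, hwcdn.net
    # and llnw.net names are shared CDN/Google reverse-DNS entries, so an address hit
    # there is not evidence of this program on its own.
    by_ip_port = {(i.ip, i.port): i for i in indicators}
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, dest, dest_ip = line.split()
        host, _, port = dest.rpartition(":")
        host, port = host.lower(), int(port)
        ioc = by_host.get(host) or by_ip_port.get((dest_ip, port))
        if ioc is None:
            continue
        hits.append({"time": ts, "client": client, "host": host, "ip": dest_ip,
                     "port": port, "class": classify(host),
                     "matched_on": "host" if host in by_host else "ip:port"})
    return hits


if __name__ == "__main__":
    for hit in match_log(parse_indicators(REPORT_EXCERPT), PROXY_LOG):
        print(hit)
```

In practice the vendor hits confirm the updater ran, the file-host hits are the download manager doing its job, and only destinations that fit neither pattern (or a burst of them from one client right after an install) are what a PUP investigation should spend time on.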

Remove JDownloader2Update.exe - Powered by Reason Core Security