jdownloadersetup.exe

JDownloader

AppWork UG -haftungsbeschränkt-

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from s38b0-cb.uploaded.to and multiple other hosts.
Publisher:
AppWork UG (haftungsbeschränkt)  (signed by AppWork UG -haftungsbeschränkt-)

Product:
JDownloader

Description:
JDownloader Setup for Windows

Version:
${VERSION}

MD5:
fcad668231244edb24b3608fbb5a3ed2

SHA-1:
ac4a3f04bea61a6e598ecb8b6d6535d4e3f8edae

Scanner detections:
4 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/24/2024 12:37:31 PM UTC

Scan engine
Detection
Engine version

ESET NOD32
Win32/Toolbar.Montiera (variant)
8.9572

NANO AntiVirus
Trojan.Html.Heuristic-script.cadouz
0.28.0.58491

Trend Micro House Call
HV_ZYX_.E0130FF2
7.2.81

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.24.3

File size:
28.8 MB (30,157,280 bytes)

Copyright:
AppWork UG (haftungsbeschränkt)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\documents and settings\admin\デスクトップ\instalsoft\jdownloadersetup.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
4/20/2010 4:01:48 AM

Valid to:
4/21/2011 4:01:43 AM

Subject:
E=e-mail@appwork.org, CN=AppWork UG -haftungsbeschränkt-, O=AppWork UG -haftungsbeschränkt-, L=Erlangen, S=Bavaria, C=DE

Issuer:
CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:
0100000000012817A98443

File PE Metadata
Compilation timestamp:
12/6/2009 7:53:13 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
393216:ck1OmZebKizaSUNFr+ay/DIDYzEiUi7ejLfiI+culj7ceYnuz/9BY/+evkiQ2mY8:cHxUrr+T/DRwiUianXl0MVn6y8XB/h

Entry address:
0x352F

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, B8, A7, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 80, 40, 00, 53, FF, 15, 88, 82, 40, 00, 6A, 08, A3, 98, 63, 42, 00, E8, D6, 2E, 00, 00, A3, E4, 62, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 88, 0C, 42, 00, FF, 15, 58, 81, 40, 00, 68, AC, A7, 40, 00, 68, E0, 5A, 42, 00, E8, DC, 29, 00, 00, FF, 15, AC, 80, 40, 00, BF, 00, C0, 42, 00, 50, 57, E8, CA, 29, 00, 00...

Entropy:
7.9996

Packer / compiler:
Nullsoft install system v2.x

Code size:
24.5 KB (25,088 bytes)

The file jdownloadersetup.exe has been seen being distributed by the following 18 URLs.

http://s38b0-cb.uploaded.to/dl?id=16d2dea0dd4ba656a5ec9f8cb7dfbd68#

http://dpdownload-s03.pl/.../JDownloaderSetup_0.9581(dobreprogramy.pl).exe

http://letoltes.szoftverbazis.hu/z2sMXgyHq5dTTGmN7bliXg/1478712694/.../JDownloaderSetup.exe.exe

http://letoltes.szoftverbazis.hu/IHtMzEZ3IuwMLpbKxgKYUQ/1479540231/.../JDownloaderSetup.exe.exe

http://files.pobierz.pl/files/.../JDownloaderSetup_0.9581(Pobierz.pl).exe

http://letoltes.szoftverbazis.hu/Oed_96g1z_qvIPHFvrFnYQ/1453222586/.../JDownloaderSetup.exe.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to vp-javadl.oracle.com  (137.254.120.23:80)

TCP (HTTP):
Connects to 218.57.126.176.ip4.epix.net.pl  (176.126.57.218:80)

TCP (HTTP):
Connects to pc-19-255-46-190.cm.vtr.net  (190.46.255.19:80)

TCP (HTTP):
Connects to guard.ukrfond.kiev.ua  (77.222.148.74:80)

TCP (HTTP):
Connects to a72-247-182-27.deploy.akamaitechnologies.com  (72.247.182.27:80)

TCP (HTTP):
Connects to 225.ip-5-135-151.eu  (5.135.151.225:80)

Scan jdownloadersetup.exe - Powered by Reason Core Security