home

main_aur_charles_201.exe

Super Download Media

The application main_aur_charles_201.exe by Super Download Media has been detected as a potentially unwanted program by 6 anti-malware scanners. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.
Publisher:
Super Download Media  (signed and verified)

Product:
Super Download Media

Version:
4.8.7.3330

MD5:
a59eed5774c59c287cea3e8a1da0d098

SHA-1:
5db396f4f7de38a3cab8612d24e835bb589e658f

SHA-256:
1d7c65edc617407408dac4f96c283b08e8c819463c438031129e75e0cd41464d

Scanner detections:
6 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications using the Vittalia monitization installer.

Analysis date:
12/28/2024 5:05:51 PM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Trojan.Vittalia.958
9.0.1.05190

ESET NOD32
Win32/DownloadAdmin.P potentially unwanted application
8.0.319.0

F-Secure
Variant.Application.Bundler
5.15.21

Microsoft Security Essentials
Threat.Undefined
1.213.7242.0

Norman
Gen:Variant.Application.Bundler.DownloadAdmin.4
19.02.2016 10:08:15

Reason Heuristics
PUP.DownloadAdmin (M)
16.2.26.12

File size:
883.8 KB (905,024 bytes)

Product version:
4.8.7.3330

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\main_aur_charles_201.exe

Digital Signature
Signed by:
Super Download Media

Authority:
VeriSign, Inc.

Valid from:
10/28/2015 5:30:00 AM

Valid to:
10/28/2016 5:29:59 AM

Subject:
CN=Super Download Media, O=Super Download Media, L=oakland, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
539371EF08EBEEE27231F295906A4B51

File PE Metadata
Compilation timestamp:
11/25/2014 12:22:53 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:OIfWCyIvqyFUxigjxKPx7OUinhjIGB9aiUaMU/DmuqNZw3Z6gRNa3bkO:OI93l8igjxKPx76hcGBU1VeDUu4ia34O

Entry address:
0x4428

Entry point:
E8, F3, 90, 00, 00, E9, F1, 89, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 83, EC, 20, B9, 1E, 00, 00, 00, 8D, 04, 24, EB, 03, 8D, 49, 00, C6, 00, 00, 40, 83, E9, 01, 75, F7, 53, 55, 8B, 6C, 24, 2C, 56, 8B, C5, 57, 8D, 50, 01, 8A, 08, 40, 84, C9, 75, F9, 2B, C2, 8B, F8, 8D, 5F, 02, 53, FF, 15, 00, F2, 40, 00, 83, C4, 04, 53, 8B, F0, 55, 56, FF, 15, 58, F0, 40, 00, C6, 04, 3E, 00, C6, 44, 3E, 01, 00, 8D, 4C, 24, 10, B8, 14, 04, 00, 00, 51, 89, 74, 24, 1C, C7, 44, 24, 18, 03, 00, 00, 00...
 
[+]

Entropy:
7.9642  (probably packed)

Code size:
53.5 KB (54,784 bytes)

Remove main_aur_charles_201.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.