profesor.henry.business.english_idg_downloader_14121_pc.exe

International Data Group Poland S.A.

The application profesor.henry.business.english_idg_downloader_14121_pc.exe by International Data Group Poland S.A. has been detected as adware by 7 anti-malware scanners. It is a setup program used to install the application, and an adware bundler (also known as ElexNetDownload) that includes additional unwanted offers in the download and install process. During installation it connects to twonext.com and xingcloud.com to determine which offers to show the user, based on what is already installed and the user's location.
Publisher:
International Data Group Poland S.A. (signed and verified)

Version:
2.1.9.0

MD5:
b4bfeb988e7c7318c97eefeb5c0a3f65

SHA-1:
926b82339f796ccbaab8396593db9d4633f92a38

SHA-256:
84b058f24bc30acf7d822a89dde02be6eea4703adb9543a88cf1cc29906c618e

Scanner detections:
7 / 68

Status:
Adware

Explanation:
Software bundler and update mechanism that will attempt to install adware offers.

Analysis date:
12/25/2024 1:15:38 PM UTC

Scan engine        | Detection                                    | Engine version
AhnLab V3 Security | Downloader/Win32.Genome                      | 15.10.19
Comodo Security    | TrojWare.Win32.TrojanDownloader.banload.ek3  | 18115
Dr.Web             | DLOADER.Trojan                               | 9.0.1.0292
ESET NOD32         | Win32/PCWorldPLoader (variant)               | 9.9685
McAfee             | Artemis!B4BFEB988E7C                         | 5600.6607
Reason Heuristics  | PUP.InternationalDataGroupPolandSA (M)       | 15.10.19.21
VIPRE Antivirus    | Elex Installer                               | 28294

File size:
1.4 MB (1,422,376 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
Polish (Poland)

Common path:
C:\users\{user}\downloads\profesor.henry.business.english_idg_downloader_14121_pc.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
7/3/2012 2:00:00 AM

Valid to:
7/25/2013 1:59:59 AM

Subject:
CN=International Data Group Poland S.A., O=International Data Group Poland S.A., L=Warszawa, S=mazowieckie, C=PL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
6449CCE113496CFF0A184DD37F8C47BC

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:BSzGdJRBxCkRrU2E6ToKp2+oYvQ4ebPe+tvGzkH26G5ZggUgE3p:xR3RYJ6TDp2T6QDmcvGzko5LUX3p

Entry address:
0x1F58D0

Entry point:
60, BE, 00, 80, 4F, 00, 8D, BE, 00, 90, F0, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...

Packer / compiler:
UPX 2.90LZMA

Code size:
1016 KB (1,040,384 bytes)

The file profesor.henry.business.english_idg_downloader_14121_pc.exe has been observed being distributed from the following URL.