13071437546579375305.exe

JDownloader

Appwork GmbH

The installer uses the installCore download manager, which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application 13071437546579375305.exe by Appwork GmbH has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer, and it is typically executed from the user's temporary directory. The file has been seen being downloaded from fetch.jdcdn.org and multiple other hosts. While running, it connects to the Internet address static.139.123.201.138.clients.your-server.de on port 80 over HTTP.
Publisher:
Appwork GmbH  (signed and verified)

Product:
JDownloader

Version:
2.0

MD5:
80d208769809466cc1d0f22cba67e40b

SHA-1:
068b4cb0090860af11fd5832fe5dff3c7e726ca6

SHA-256:
8a85b5510207b7f60f82ce0461b084fb2d34b366dd69dabc0cfb6da663c06cfa

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics we consider this file unwanted.

Description:
This is also known as bundleware or downloadware: a downloader designed to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
4/20/2024 5:09:21 AM UTC  (today)

Scan engine          Detection                  Engine version
Reason Heuristics    PUP.Bundler.installCore    15.3.21.17

File size:
34.7 MB (36,403,960 bytes)

Product version:
2.0

Copyright:
AppWork GmbH

Original file name:
JDownloader2Setup_x64_c.exe

File type:
Executable application (Win64 EXE)

Bundler/Installer:
installCore

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\13071437546579375305.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
1/28/2015 1:00:00 AM

Valid to:
1/29/2016 12:59:59 AM

Subject:
CN=Appwork GmbH, O=Appwork GmbH, L=Fürth, S=Bayern, C=DE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
5CA15B949EC0CBCECEB7C57981B033A8

File PE Metadata
Compilation timestamp:
9/24/2014 10:16:39 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
786432:NCzdYAaamLZwKRPxAZAiJvTn8NSK4pvvtovaHuTaRdt74:wAcZ9JvTvpvtovaHuT

Entry address:
0x1F290

Entry point:

Code size:
206 KB (210,944 bytes)

The file 13071437546579375305.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 2,294 download URLs

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):      connects to cdn4.appwork.org  (176.9.34.43:80)
TCP (HTTP SSL):  connects to static.18.68.251.148.clients.your-server.de  (148.251.68.18:443)
TCP (HTTP):      connects to cdn5.appwork.org  (46.4.126.3:80)
TCP (HTTP):      connects to static.139.123.201.138.clients.your-server.de  (138.201.123.139:80)
TCP (HTTP):      connects to cdn8.appwork.org  (85.131.130.147:80)
TCP (HTTP):      connects to mail.appwork.org  (176.9.43.113:80)
TCP (HTTP):      connects to static.41.138.99.88.clients.your-server.de  (88.99.138.41:80)
TCP (HTTP):      connects to ip-184-168-221-57.ip.secureserver.net  (184.168.221.57:80)

Remove 13071437546579375305.exe - Powered by Reason Core Security