24105b51-ec45-b26e-b274-db13b6b166f7_1d1c6fbf6e1749c

Video Downloader Ultimate

Link64 GmbH

The file 24105b51-ec45-b26e-b274-db13b6b166f7_1d1c6fbf6e1749c, “Video Downloader Ultimate - Win App [VideoDownloaderUltimate.exe]” by Link64 GmbH has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from videodownloaderultimate.en.softonic.com and multiple other hosts. While running, it connects to the Internet address pc164.nero.com on port 443.
Publisher:
Link64 GmbH  (signed and verified)

Product:
Video Downloader Ultimate

Description:
Video Downloader Ultimate - Win App [VideoDownloaderUltimate.exe]

Version:
1.0.1.84

MD5:
825fa1a42c7f0e1d0227d313bd512f4d

SHA-1:
feca55013bd6d1f7b8d966c96120d8baefc356fc

SHA-256:
b906449b00a2528e63c440e3fe6c72277571339bb88591df6aaeace7cd058b8c

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics we consider this file unwanted.

Analysis date:
4/25/2024 6:02:07 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Link64 (M)

Engine version:
16.6.14.13

File size:
305.8 KB (313,160 bytes)

Product version:
1.0.1.84 - 1001

Copyright:
(c) 2016 Link64 GmbH. All rights reserved.

Original file name:
VideoDownloaderUltimate_Installer.exe

Language:
English (United States)

Common path:
C:\ProgramData\microsoft\windows defender\scans\filesstash\24105b51-ec45-b26e-b274-db13b6b166f7_1d1c6fbf6e1749c

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
3/5/2015 7:00:00 AM

Valid to:
5/4/2017 6:59:59 AM

Subject:
CN=Link64 GmbH, OU=Secure Application Development, O=Link64 GmbH, L=Karlsruhe, S=Baden-Wuerttemberg, C=DE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
65CD89BFF8441FFA492CCEB690151ECA

File PE Metadata
Compilation timestamp:
6/7/2016 5:42:53 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
3072:FJ5+ywbEpX9Ey5ZFm0TwhLBv66a5/JTx0wfg9x2JHYVY/rCEsWTBfvNN7ohZMtEd:D5sbipwhF6//nJv/rCxWTBnAmECQ

Entry address:
0x685C

Entry point:
E8, C2, 5A, 00, 00, E9, 17, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 44, 24, 0C, 53, 85, C0, 74, 52, 8B, 54, 24, 08, 33, DB, 8A, 5C, 24, 0C, F7, C2, 03, 00, 00, 00, 74, 16, 8A, 0A, 83, C2, 01, 32, CB, 74, 72, 83, E8, 01, 74, 32, F7, C2, 03, 00, 00, 00, 75, EA, 83, E8, 04, 72, 12, 57, 8B, FB, C1, E3, 08, 03, DF, 8B, FB, C1, E3, 10, 03, DF, EB, 1B, 5F, 83, C0, 04, 74, 0E, 8A, 0A, 83, C2, 01, 32, CB, 74, 40, 83, E8, 01, 75, F2, 5B, C3, 83, E8, 04, 72, E5, 8B, 0A, 33, CB, BF, FF, FE, FE, 7E, 03...

Entropy:
6.2333

Code size:
172 KB (176,128 bytes)

The file 24105b51-ec45-b26e-b274-db13b6b166f7_1d1c6fbf6e1749c has been seen being distributed by the following 6 URLs.

https://videodownloaderultimate.en.softonic.com/download-tracker?th=1/6CH9aeXedl4L8u BHNJXWTW LP1LFlnGQpxqjlxANiUIoi1SijhBU NkNiUJC2AofoaE2YDX5GK5z3PX/LrVjxfdMFGVKLlI430uaiPa11X/RTMcDEXa630Oz81wJHnEH/k2CDzyP qjhN8J4Zj4tBQYtMpfGIvU Y3JkIhZL8dBKDbybtms6sBVURq/.../9AKPBmAA==

http://gsf-cf.softonic.com/fec/a55/.../VideoDownloaderUltimate_Installer_mini.exe

http://r2.computerbild.de/exec/r2r.pl?m=w-cobi;u=http://d.computerbild.de/downloads/.../VideoDownloaderUltimate_Installer_mini.exe

http://videodownloaderultimate.en.softonic.com/download-tracker?th=1/6CH9aeXedl4L8u BHNJXWTW LP1LFlnGQpxqjlxANiUIoi1SijhBU NkNiUJC2AofoaE2YDX5GK5z3PX/LrVjxfdMFGVKLlI430uaiPa11X/RTMcDEXa630Oz81wJHnEH/k2CDzyP qjhN8J4Zj4tBQYtMpfGIvU Y3JkIhZL8dBKDbybtms6sBVURq/.../9AKPBmAA==

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP SSL):
Connects to pc164.nero.com  (82.98.209.164:443)