home

airfiledown.exe

down_client_air

BankPrime.Corp

Publisher:
BankPrime.Corp  (signed and verified)

Product:
down_client_air

Description:
down_client

Version:
2, 1, 7, 1

MD5:
cffa0dac25f5bc4639b122b2d460da21

SHA-1:
3ce7c24b9b164a73efe26c526daf9d8068c6d0a1

SHA-256:
9101004d154f93b1dc7d6268f235939b0b4f955aa3853b47e1b62d315cbf89f6

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
4/26/2024 10:50:40 PM UTC  (today)

Scan engine
Detection
Engine version

IKARUS anti.virus
Trojan-Downloader.Win32.MultiDL
t3scan.2.0.7.0

File size:
3 MB (3,094,376 bytes)

Product version:
2, 1, 7, 1

Copyright:
Copyright (c) - 2012

Original file name:
down_client.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\airfile\airfiledown.exe

Digital Signature
Signed by:
BankPrime.Corp

Authority:
VeriSign, Inc.

Valid from:
10/5/2012 9:00:00 AM

Valid to:
10/6/2013 8:59:59 AM

Subject:
CN=BankPrime.Corp, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=BankPrime.Corp, L=Guro-gu, S=Seoul, C=KR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7996639A6CD49F1EFDECBEFB7682AE66

File PE Metadata
Compilation timestamp:
8/15/2012 3:54:35 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:2F699cWQ2b5spfpfHCVLMJiRhRAoYBmOA5l8Uhx7lxLB:f9qWQ2b55VLMJiD4A5nhxhx1

Entry address:
0x59CCD

Entry point:
E8, 49, 8B, 00, 00, E9, 16, FE, FF, FF, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 64, D0, 48, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 64, D0, 48, 00, 33, C5, 50, 89, 65, F0, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B...
 
[+]

Entropy:
4.9725

Code size:
440 KB (450,560 bytes)

Windows Firewall Allowed Program
Name:
C:\Program Files (x86)\Airfile\AirfileDown.exe


Scan airfiledown.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.