home

database.exe

doubleTwist

doubleTwist Corporation

The application database.exe by doubleTwist has been detected as a potentially unwanted program by 9 anti-malware scanners. This is a setup program which is used to install the application. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from download.doubletwist.com.
Publisher:
doubleTwist Corporation  (signed and verified)

Product:
doubleTwist

Version:
1, 0, 0, 0

MD5:
0528394195e045205c606903ec1ac13f

SHA-1:
28ad29a6b7c2bf4f9024ad305e07ae5b4d8ff550

SHA-256:
1f2b1d8b0ef720f8d24bd6f5a862c9125fe92c7268bb4e70b8b5d1f24b14c7c9

Scanner detections:
9 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 5:50:13 AM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
Trojan.Win32.Crypt
4.0.3.1446

Fortinet FortiGate
W32/Crypt.CSB!tr
4/6/2014

IKARUS anti.virus
Trojan.Win32.Crypt
t3scan.2.2.29

K7 AntiVirus
Riskware
13.176.11663

Kaspersky
Trojan.Win32.Crypt
14.0.0.4056

McAfee
Artemis!0528394195E0
5600.7168

Quick Heal
Trojan.Crypt.csb
4.14.12.00

Reason Heuristics
PUP.doubleTwistCorporation.I
14.7.10.2

Sophos
Mal/Generic-S
4.98

File size:
792 KB (810,960 bytes)

Product version:
1, 0, 0, 0

Copyright:
Copyright © 2008-2009 doubleTwist Corporation

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\database.exe

Digital Signature
Signed by:
doubleTwist Corporation

Authority:
Thawte, Inc.

Valid from:
4/26/2012 5:00:00 PM

Valid to:
4/27/2013 4:59:59 PM

Subject:
CN=doubleTwist Corporation, O=doubleTwist Corporation, L=San Francisco, S=California, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
76841B75BB05730DAF509BC51CB852FC

File PE Metadata
Compilation timestamp:
7/21/2007 7:33:09 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:SLO+MJCkRu7oG1JQxKZMF153vh0lhpVFEeiTyj3e0XDpgo1uRgzMZkVPX59I6D:SLO+M9M7JSKZcaxVFFiWbpyRgwCP9

Entry address:
0x11DE6

Entry point:
55, 8B, EC, 6A, FF, 68, E0, 49, 41, 00, 68, E0, 1D, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 28, 41, 41, 00, 59, 83, 0D, 64, 97, 41, 00, FF, 83, 0D, 68, 97, 41, 00, FF, FF, 15, 2C, 41, 41, 00, 8B, 0D, 40, 93, 41, 00, 89, 08, FF, 15, 30, 41, 41, 00, 8B, 0D, 3C, 93, 41, 00, 89, 08, A1, 34, 41, 41, 00, 8B, 00, A3, 60, 97, 41, 00, E8, 1C, 01, 00, 00, 39, 1D, 90, 91, 41, 00, 75, 0C, 68, 6E, 1F, 41, 00, FF, 15, 38, 41...
 
[+]

Entropy:
7.9413

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
73 KB (74,752 bytes)

The file database.exe has been seen being distributed by the following URL.

http://download.doubletwist.com/.../Database.exe

Remove database.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.