down.640.setupespl.exe

The application down.640.setupespl.exe has been detected as a potentially unwanted program by 4 anti-malware scanners. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.
MD5:
27dd2c5f15894689dc6b79685b854b59

SHA-1:
ff117b0fc097a24a236068c84f828df237269013

SHA-256:
d7ebf061733389a36dabb06fbe0374b35113f562500cddd303229191ab3f1e0b

Scanner detections:
4 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
10/22/2017 11:55:49 PM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
Adware/Win32.Agent
2014.06.11

AVG
Adware Generic_r.JY
2014.0.3955

Dr.Web
Trojan.Crossrider.21707
9.0.1.05190

Reason Heuristics
PUP.Bundled
16.2.21.0

File size:
16 KB (16,384 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\Local settings\temp\down.640.setupespl.exe

File PE Metadata
Compilation timestamp:
6/7/2014 6:02:11 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
384:3AQjzTAxE/eYIwMetan5gDHpOnYd52ELOkuZGg:3Aqz8xE/RICtaaH8nYdJOkgGg

Entry address:
0x10A0B

Code size:
103 KB (105,472 bytes)

Remove down.640.setupespl.exe - Powered by Reason Core Security