download.exe

Denis Kelner

The executable download.exe has been detected as malware by 17 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from storagen.info.
Publisher:
Denis Kelner  (signed and verified)

MD5:
4e59b3198f7254f5cf7e92961ae1259c

SHA-1:
00d07da5758970444e1b5247db3d5dbfb17007be

SHA-256:
6a3c1c273a114d1189cb4e161471d54f1e7b5bfc35b8302ed6a6d7ccb8cb5a7a

Scanner detections:
17 / 68

Status:
Malware

Analysis date:
8/14/2025 3:40:17 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Trojan.DR.Agent | 7.1.1 |
| Avira AntiVirus | TR/Dropper.Gen | 7.11.178.86 |
| avast! | Win32:Evo-gen [Susp] | 2014.9-150418 |
| Baidu Antivirus | Trojan.Win32.Agent | 4.0.3.15418 |
| Comodo Security | TrojWare.Win32.Agent.A | 21709 |
| F-Prot | W32/S-88039e6e | v6.4.7.1.166 |
| IKARUS anti.virus | Trojan.Dropper | t3scan.1.7.8.0 |
| Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.2172 |
| McAfee | Artemis!4E59B3198F72 | 5600.6977 |
| NANO AntiVirus | Trojan.Win32.MLW.ddqldm | 0.28.2.62671 |
| Qihoo 360 Security | HEUR/QVM20.1.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.4.18.12 |
| Sophos | Mal/Generic-S | 4.98 |
| Total Defense | Win32/Tnega.GFfGNZ | 37.0.11540 |
| Trend Micro House Call | Suspicious_GEN.F47V0927 | 7.2.288 |
| VIPRE Antivirus | Trojan.Win32.Generic | 39198 |
| Zillya! Antivirus | Trojan.Agent.Win32.508728 | 2.0.0.2134 |

File size:
27.8 KB (28,456 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\download.exe

Digital Signature
Signed by:

Authority:
Unizeto Technologies S.A.

Valid from:
6/25/2014 12:18:38 PM

Valid to:
6/25/2015 12:18:38 PM

Subject:
E=denis.kelner@yandex.ru, CN=Denis Kelner, O=Denis Kelner, C=UA

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
52A562CBD6276332D4B72816BBFE82A9

File PE Metadata
Compilation timestamp:
6/25/2014 1:28:10 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
96:prpeQQKZRJIjdxXSjvK133QY6f81VGMfrD8zjo2Ll7QbRLF64UN:/e8ZHIjPQvo3Q3+VNfn6o2Ll7QbR84UN

Entry address:
0x1070

Entry point:
55, 8B, EC, 83, EC, 24, A1, 00, 30, 40, 00, 33, C5, 89, 45, FC, 68, 78, 20, 40, 00, FF, 15, 0C, 20, 40, 00, 89, 45, E4, A1, 84, 20, 40, 00, 89, 45, E8, 8B, 0D, 88, 20, 40, 00, 89, 4D, EC, 8B, 15, 8C, 20, 40, 00, 89, 55, F0, A1, 90, 20, 40, 00, 89, 45, F4, 8A, 0D, 94, 20, 40, 00, 88, 4D, F8, 83, 7D, E4, 00, 74, 36, C7, 45, DC, 00, 00, 00, 00, C7, 45, E0, 40, 10, 01, 00, 68, 10, 27, 00, 00, 6A, 00, 8B, 55, E0, 52, 6A, 00, 8D, 45, E8, 50, 6A, 00, E8, 1B, FF, FF, FF, 83, C4, 18, 89, 45, DC, 8B, 4D, E4, 51, FF...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
1024 Bytes (1,024 bytes)

The file download.exe has been seen being distributed by the following URL.
