download.exe

Gerenciador de Download

BR SOFTWARE LLC

The application download.exe by BR SOFTWARE has been detected as adware by 24 anti-malware scanners. This is a setup program which is used to install the application. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from www.publicidade.me and multiple other hosts.
Publisher:
ASSISTENTE DE DOWNLOAD  (signed by BR SOFTWARE LLC)

Product:
Gerenciador de Download

Version:
1.0.0

MD5:
d9a790d221ce35e4b4896b2f7b9adf76

SHA-1:
12542a555718bfc7584eb32aef69c645b9e1ac3c

SHA-256:
25bccffe2dd5d0786c153cf97bf6a7be1e39825479fb2466875051bd65526556

Scanner detections:
24 / 68

Status:
Adware

Analysis date:
4/26/2024 5:21:10 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | Adware/Rogue.381890 | 7.11.115.102 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-140304 |
| AVG | MalSign.Downloader.edc | 2015.0.3545 |
| Bitdefender | Adware.Generic.268568 | 1.0.20.315 |
| Bkav FE | W32.Clod5c5.Trojan | 1.3.0.4562 |
| Comodo Security | UnclassifiedMalware | 17327 |
| Dr.Web | Adware.Downware.376 | 9.0.1.063 |
| Emsisoft Anti-Malware | Adware.Generic.268568 | 8.14.03.04.08 |
| ESET NOD32 | Win32/Adware.PCMega | 8.9088 |
| Fortinet FortiGate | Riskware/PCMega | 3/4/2014 |
| F-Prot | W32/Adware.AKQE | v6.4.7.1.166 |
| F-Secure | Adware.Generic.268568 | 11.2014-04-03_3 |
| G Data | Adware.Generic.268568 | 14.3.22 |
| IKARUS anti.virus | Win32.Downloader.RDW | t3scan.2.2.29 |
| K7 AntiVirus | Adware | 13.174.10294 |
| McAfee | Artemis!D9A790D221CE | 5600.7201 |
| MicroWorld eScan | Adware.Generic.268568 | 15.0.0.189 |
| NANO AntiVirus | Riskware.Win32.Agent.cinaww | 0.28.0.56316 |
| Reason Heuristics | PUP.BRSOFTWARE.I | 14.3.29.10 |
| Sophos | Generic PUA BC | 4.95 |
| SUPERAntiSpyware | Trojan.Agent/Gen-ZAccess | 10747 |
| Trend Micro House Call | TROJ_GEN.RCBH1II | 7.2.63 |
| Trend Micro | TROJ_GEN.RCBH1II | 10.465.04 |
| ViRobot | Backdoor.Win32.A.ZAccess.394869[UPX] | 2011.4.7.4223 |

File size:
373.4 KB (382,336 bytes)

Product version:
1.0.0

Copyright:
© ASSISTENTE DE DOWNLOAD

Original file name:
acelerador.exe

File type:
Executable application (Win32 EXE)

Language:
Portuguese (Brazil)

Common path:
C:\users\{user}\downloads\download.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
6/8/2012 3:58:43 PM

Valid to:
6/9/2015 3:58:43 PM

Subject:
CN=BR SOFTWARE LLC, O=BR SOFTWARE LLC, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11212BC0BF00C9C6FB65718638885C9FC576

File PE Metadata
Compilation timestamp:
5/6/2009 2:23:44 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:/fxjxvjpe238JMJRMVkvkcyc65DECBe2UQB343iTYOGQKnOfadwwX:/fnbsJiRQf9VnBe2U8ISUZQBCdvX

Entry address:
0xFA6C0

Entry point:
60, BE, 00, 20, 4A, 00, 8D, BE, 00, F0, F5, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 

Packer / compiler:
UPX 2.90 [LZMA]

Code size:
356 KB (364,544 bytes)

The file download.exe has been seen being distributed by the following 2 URLs.
