» Download.exe
Overview
Analysis
File Details
Downloads (1)

Download.exe

From Larynx

Ants Canadian

The application Download.exe has been detected as a potentially unwanted program by 13 anti-malware scanners. This is a setup program which is used to install the application. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from applicationgrabb.net.

File name:

Download.exe

Publisher:

Ants Canadian

Product:

From Larynx

Description:

Very Somatic

Version:

7.2.0.6

MD5:

f802da54ab25e0a2a2ce00468eca236c

SHA-1:

2da4b9d57025f50976e32d906ec6594e7e7afd95

SHA-256:

f91f571e951e12fc6f99b4bfd996965b8c2f493b94ab76a15395d63d3245cb91

Scanner detections:

13 / 68

Status:

Potentially unwanted

Analysis date:

4/26/2024 11:44:22 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Application.Bundler.CB

890

AhnLab V3 Security

PUP/Win32.MultiPlug

2014.08.29

AVG

Adware Generic5.BHUU

2014.0.4015

Bitdefender

Application.Bundler.CB

1.0.20.1200

Dr.Web

BackDoor.Andromeda.407

9.0.1.05190

Emsisoft Anti-Malware

Application.Bundler.CB

9.0.0.4324

ESET NOD32

Win32/AdWare.MultiPlug.BS (variant)

8.10331

F-Secure

Application.Bundler.CB

11.2014-28-08_5

G Data

Application.Bundler.CB

14.8.24

Malwarebytes

PUP.Optional.MultiPlug

v2014.08.28.05

McAfee

MultiPlug

5600.7024

MicroWorld eScan

Application.Bundler.CB

15.0.0.720

NANO AntiVirus

Riskware.Win32.MultiPlug.degcyb

0.28.2.61861

File size:

566 KB (579,584 bytes)

Product version:

4.4.7.4

Original file name:

Download.exe

File type:

Executable application (Win32 EXE)

Language:

English (United Kingdom)

Common path:

C:\users\{user}\downloads\download.exe

File PE Metadata

Compilation timestamp:

12/13/2013 9:41:38 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:Z0Nrj5ywKflvtJAa9EYs91kHmWxr7MwG1SHADap6cgHfGTc/JSv0:FvflvtJAaiYsWF7hGUgDapOHfGTc8

Entry address:

0x11F35

Entry point:

E8, 90, 3E, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, F0, FF, 41, 00, E8, 85, 0B, 00, 00, E8, 5D, 40, 00, 00, 0F, B7, F0, 6A, 02, E8, 23, 3E, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, F0, 04, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Entropy:

7.8042 (probably packed)

Code size:

105.5 KB (108,032 bytes)

The file Download.exe has been seen being distributed by the following URL.

http://applicationgrabb.net/.../Download.exe

Remove Download.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.