home

download.exe

The executable download.exe has been detected as malware by 1 anti-virus scanner. This is a setup program which is used to install the application. The file has been seen being downloaded from bookbook.in and multiple other hosts.
MD5:
dbfb695b819a35d3a70be4051833a5e4

SHA-1:
78eba7dfc62ca3919612509da2eb73087ee08e88

SHA-256:
29a991b49fef069aaba04332e046135dea1ec902c482ca99892a209d34654634

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
7/13/2025 6:10:06 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
(M)
16.6.17.18

File size:
413 Bytes

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\downloads\download.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
12:EYOJwsoRTrm0mAQp7uSLT/BGwUbsJ7/+3bWomxs6bwOjn:qwTXm0Alu2InsILBmG6c+n

Entry point:
4E, 6F, 74, 69, 66, 69, 63, 61, 63, 69, F3, 6E, 20, 64, 65, 20, 50, 61, 6E, 64, 61, 20, 47, 50, 20, 32, 30, 31, 33, 3A, 0D, 0A, 0D, 0A, 45, 6C, 20, 61, 72, 63, 68, 69, 76, 6F, 20, 68, 74, 74, 70, 3A, 2F, 2F, 62, 6F, 6F, 6B, 63, 68, 69, 2E, 69, 6E, 2F, 76, 32, 34, 35, 39, 2F, 6C, 70, 2F, 3F, 71, 3D, 34, 41, 59, 47, 41, 53, 33, 59, 43, 41, 4E, 52, 4A, 58, 5A, 54, 56, 4E, 47, 72, 65, 76, 6B, 38, 35, 44, 78, 49, 64, 7A, 55, 76, 66, 44, 30, 33, 4D, 44, 78, 6B, 48, 38, 6B, 72, 70, 66, 62, 66, 78, 58, 50, 41, 6D...
 
[+]

The file download.exe has been seen being distributed by the following 2 URLs.

http://bookbook.in/caacf4eb931d09e0f725886ff5954600/listen2/dl.php?id=1414596374468571001&r=http://bookchi.in/v2459/lp/.../dV5G9Wo255krKxMNl3c3Zesnt6 1TzRJFBm5M9hCZALIC&__rnd=2cdd11ef8a4e4c2fdb8443b618eeb9e5

http://bookbook.in/caacf4eb931d09e0f725886ff5954600/listen2/dl.php?id=1414596374468571001&r=http://bookchi.in/v2459/lp/.../dV5G9Wo255krKxMNl3c3Zesnt6 1TzRJFBm5M9hCZALIC&__rnd=2cdd11ef8a4e4c2fdb8443b618eeb9e5

Remove download.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.