Download.exe

Of Allegiant

Of Articulated

The application Download.exe has been detected as a potentially unwanted program by 15 anti-malware scanners. It is a setup program used to install the application, and it installs potentially unwanted software on your PC alongside the software you are trying to install, without adequate consent. The file has been seen being downloaded from netuksetsetnews.info and multiple other hosts.
Publisher:
Of Articulated

Product:
Of Allegiant

Description:
Work An

Version:
4.2.8.0

MD5:
53cdc357abff3ba5d4f7c55e9f0d409e

SHA-1:
a6b88d6c356219a4d49399c167a8328f9a56381a

SHA-256:
488bffc9b573650d9536e164dbaa02b6a43664a0fbf8c2b3ea3480ac84e52e87

Scanner detections:
15 / 68

Status:
Potentially unwanted

Analysis date:
5/10/2024 4:08:18 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.16 | 885 |
| AhnLab V3 Security | PUP/Win32.MultiPlug | 2014.09.03 |
| Avira AntiVirus | ADWARE/Adware.Gen4 | 7.11.170.158 |
| AVG | Adware Generic5.BIMM | 2014.0.4015 |
| Bitdefender | Gen:Variant.Application.Bundler.16 | 1.0.20.1230 |
| Bkav FE | HW32.CDB | 1.3.0.4959 |
| Emsisoft Anti-Malware | Gen:Variant.Application.Bundler.16 | 9.0.0.4324 |
| ESET NOD32 | Win32/AdWare.MultiPlug.BS (variant) | 8.10357 |
| F-Secure | Gen:Variant.Application.Bundler | 11.2014-03-09_4 |
| G Data | Gen:Variant.Application.Bundler.16 | 14.9.24 |
| Malwarebytes | PUP.Optional.MultiPlug | v2014.09.03.02 |
| McAfee | MultiPlug | 5600.7019 |
| MicroWorld eScan | Gen:Variant.Application.Bundler.16 | 15.0.0.738 |
| NANO AntiVirus | Riskware.Win32.MultiPlug.dekkbu | 0.28.2.61942 |
| Sophos | MultiPlug | 4.98 |

File size:
720 KB (737,280 bytes)

Product version:
9.1.6.1

Copyright:
All rights reserved for Of Articulated LTD.

Original file name:
Download.exe

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\downloads\download.exe

File PE Metadata
Compilation timestamp:
12/23/2012 3:58:42 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:X25iATXrmoKyTG1nsTp+pJr293I6JMxYULZmFdHnXImJMXS7M6VhPD6eCwHhv5xc:tUrlVp+p0pJeMlJz+eXx8L

Entry address:
0x10CF7

Entry point:
E8, 9E, 3E, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, F0, EF, 41, 00, E8, E3, 12, 00, 00, E8, 6B, 40, 00, 00, 0F, B7, F0, 6A, 02, E8, 31, 3E, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, F0, 04, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
7.8707  (probably packed)

Code size:
101 KB (103,424 bytes)

The file Download.exe has been seen being distributed by the following 3 URLs.
