download.exe

Dmitry Taranov

The application download.exe by Dmitry Taranov has been detected as adware by 17 anti-malware scanners. The file has been seen being downloaded from storagen.org.
Publisher:
Dmitry Taranov  (signed and verified)

MD5:
c842ab37429cb2c9333fa2689349c04f

SHA-1:
b25a67ee790f05208b1271fb4d52d52ffb7d52c2

SHA-256:
86cde573648eb1f18b020255be7a6bdcced6db7e2d70e408a00ad830406671b6

Scanner detections:
17 / 68

Status:
Adware

Analysis date:
6/23/2025 8:42:30 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Trojan.DR.Agent | 7.1.1 |
| Avira AntiVirus | TR/Dropper.Gen | 7.11.175.174 |
| avast! | Win32:Evo-gen [Susp] | 2014.9-150418 |
| Baidu Antivirus | Trojan.Win32.Agent | 4.0.3.15418 |
| Comodo Security | TrojWare.Win32.Agent.A | 21709 |
| F-Prot | W32/S-88039e6e | v6.4.7.1.166 |
| IKARUS anti.virus | Trojan.Dropper | t3scan.1.7.8.0 |
| Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.2172 |
| McAfee | Artemis!C842AB37429C | 5600.6991 |
| NANO AntiVirus | Trojan.Win32.MLW.ddqldm | 0.28.2.62440 |
| Qihoo 360 Security | HEUR/QVM20.1.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.DmitryTaranov | 15.4.24.0 |
| Sophos | Mal/Generic-S | 4.98 |
| Total Defense | Win32/Tnega.GFfGNZ | 37.0.11540 |
| Trend Micro House Call | Suspicious_GEN.F47V0926 | 7.2.273 |
| VIPRE Antivirus | Trojan.Win32.Generic | 39198 |
| Zillya! Antivirus | Trojan.Agent.Win32.508728 | 2.0.0.2134 |

File size:
28.2 KB (28,920 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\download.exe

Digital Signature
Signed by:

Authority:
Unizeto Technologies S.A.

Valid from:
6/25/2014 7:19:58 AM

Valid to:
6/25/2015 7:19:58 AM

Subject:
E=taranov.1968@inbox.ru, CN=Dmitry Taranov, O=Dmitry Taranov, C=UA

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
04503F98B79B450E89CC1ADE70810548

File PE Metadata
Compilation timestamp:
6/25/2014 8:28:10 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
96:prceQQKeRJIjdxXSAFCK133QY6fQsvgSIh8Rjo2a1LaX/:me8eHIjPfco3Q3G8o2saX

Entry address:
0x1070

Entry point:
55, 8B, EC, 83, EC, 24, A1, 00, 30, 40, 00, 33, C5, 89, 45, FC, 68, 78, 20, 40, 00, FF, 15, 0C, 20, 40, 00, 89, 45, E4, A1, 84, 20, 40, 00, 89, 45, E8, 8B, 0D, 88, 20, 40, 00, 89, 4D, EC, 8B, 15, 8C, 20, 40, 00, 89, 55, F0, A1, 90, 20, 40, 00, 89, 45, F4, 8A, 0D, 94, 20, 40, 00, 88, 4D, F8, 83, 7D, E4, 00, 74, 36, C7, 45, DC, 00, 00, 00, 00, C7, 45, E0, 40, 10, 01, 00, 68, 10, 27, 00, 00, 6A, 00, 8B, 55, E0, 52, 6A, 00, 8D, 45, E8, 50, 6A, 00, E8, 1B, FF, FF, FF, 83, C4, 18, 89, 45, DC, 8B, 4D, E4, 51, FF...
 

Entropy:
4.6044

Developed / compiled with:
Microsoft Visual C++

Code size:
1024 Bytes (1,024 bytes)

The file download.exe has been seen being distributed by the following URL.
