download.exe

The application download.exe has been detected as a potentially unwanted program by 23 of 68 anti-malware scanners. It persists as a Windows Task Scheduler task that runs daily at a fixed time. The program installs potentially unwanted software on your PC alongside the software you are trying to install, without adequate consent. The file has been seen being downloaded from a.allstatepro.info.
MD5:
a5c5b128d6e42fd9d072275a58c651f9

SHA-1:
c2624d465cf74219f43816e74d9558a64f476ef4

SHA-256:
1eaf3507ae249a73a4ad587b250354cbeb08d96d176294d324a03e31a4ad8b85

Scanner detections:
23 / 68

Status:
Potentially unwanted

Analysis date:
4/28/2024 8:02:30 PM UTC

Scan engine                   Detection                                     Engine version
Lavasoft Ad-Aware             Application.Bundler.NL                        5777817
Agnitum Outpost               PUA.MultiPlug                                 7.1.1
AhnLab V3 Security            PUP/Win32.MultiPlug                           2015.06.15
Avira AntiVirus               TR/Crypt.XPACK.Gen                            7.11.30.172
Arcabit                       Application.Bundler.NL                        1.0.0.425
avast!                        Win32:Adware-gen [Adw]                        150602-1
AVG                           Generic6                                      2016.0.3078
Bitdefender                   Application.Bundler.NL                        1.0.20.830
Comodo Security               Application.Win32.AdWare.MultiPlug.VA         22455
Dr.Web                        Trojan.PWS.Qqpass.11207                       9.0.1.05190
Emsisoft Anti-Malware         Application.Bundler.NL                        10.0.0.5366
ESET NOD32                    Win32/Adware.MultiPlug.MI application         7.0.302.0
Fortinet FortiGate            Riskware/Generic.AC.4386                      6/15/2015
F-Secure                      Riskware.Application.Bundler.NL               5.14.151
G Data                        Application.Bundler.NL                        15.6.25
Kaspersky                     not-a-virus:AdWare.Win32.MultiPlug            14.0.0.1884
Malwarebytes                  PUP.Optional.MultiPlug.SID.A                  v2015.06.15.04
Microsoft Security Essentials Threat.Undefined                              1.199.2547.0
MicroWorld eScan              Application.Bundler.NL                        16.0.0.498
Norman                        Application.Bundler.NL                        02.06.2015 14:23:46
Reason Heuristics             Threat.Win.Reputation.IMP                     15.6.15.0
Sophos                        PUA 'MultiPlug' (of type Adware)              5.15
Vba32 AntiVirus               suspected of Heur.Malware-Cryptor.Multiplug   3.12.26.4

File size:
243 KB (248,832 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\{646fb9a9-f3de-bf06-646f-fb9a9f3de6a7}\download.exe

File PE Metadata
Compilation timestamp:
1/14/2013 5:07:48 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:6NQ8MjZoH1Q9aLz0DzLH8Sbs/NsS4HfBWtjumy+dH:6dMjZT4z0DfHu/NslEtjuyx

Entry address:
0x66F4

Entry point:
E8, 8D, 13, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 50, EE, 42, 00, E8, 96, 18, 00, 00, E8, 5A, 15, 00, 00, 0F, B7, F0, 6A, 02, E8, 20, 13, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 01, 0D, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Entropy:
7.1471

Code size:
44.5 KB (45,568 bytes)
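
The PE metadata listed above (compile timestamp, OS and linker versions, subsystem, entry address and entry bytes, entropy, code size) can be reproduced from the raw file with a short parser, which is the check to run before trusting a report about a sample you hold. The script below is an added example, not code from this report or from Reason Core Security. It uses only the Python standard library; field offsets follow the PE/COFF specification. Because download.exe itself is not bundled here, the script builds a small constructed PE32 image, carrying the report's first entry-point bytes, to run against when no file is given. The 7.0 entropy threshold for the "probably packed" flag is an assumption, not something the report states.

```python
import hashlib
import math
import struct
import sys
from collections import Counter
from datetime import datetime, timezone

# Example triage script (added here; not Reason Core Security's code).
# Parses PE32/PE32+ headers with the standard library and reports the
# same fields the scan report lists.

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI", 9: "Windows CE GUI",
              10: "EFI application", 16: "Windows boot application"}
PACKED_ENTROPY_THRESHOLD = 7.0  # assumption: a common heuristic, not a figure from the report


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0), the figure the report calls 'Entropy'."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def file_hashes(data: bytes) -> dict:
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def rva_to_offset(sections, rva):
    """Map a relative virtual address to a file offset via the section table."""
    for _name, vsize, va, raw_size, raw_ptr in sections:
        if va <= rva < va + max(vsize, raw_size):
            return raw_ptr + (rva - va)
    return None


def parse_pe(data: bytes) -> dict:
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, SymTab, NumSyms, SizeOfOptionalHeader, Characteristics
    machine, nsec, ts, _sym, _nsym, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:    # PE32: BaseOfData present, 32-bit ImageBase
        f = struct.unpack_from("<HBB6I3I6HI3I2H", data, opt)
        image_base, os_ver, subsystem = f[9], (f[12], f[13]), f[22]
    elif magic == 0x20B:  # PE32+: no BaseOfData, 64-bit ImageBase
        f = struct.unpack_from("<HBB5IQ2I6HI3I2H", data, opt)
        image_base, os_ver, subsystem = f[8], (f[11], f[12]), f[21]
    else:
        raise ValueError("unknown optional header magic 0x%X" % magic)
    sections = []
    for i in range(nsec):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, va, raw_size, raw_ptr))
    entry_rva = f[6]
    entry_off = rva_to_offset(sections, entry_rva)
    entry_bytes = data[entry_off:entry_off + 16] if entry_off is not None else b""
    return {
        "machine": machine,
        "bitness": "Win32" if magic == 0x10B else "Win64",
        "compile_time": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "linker_version": "%d.%d" % (f[1], f[2]),
        "os_version": "%d.%d" % os_ver,
        "subsystem": SUBSYSTEMS.get(subsystem, "unknown (%d)" % subsystem),
        "image_base": image_base,
        "entry_rva": entry_rva,
        "entry_bytes": ", ".join("%02X" % b for b in entry_bytes),
        "code_size": f[3],
        "sections": [s[0] for s in sections],
    }


def triage(data: bytes) -> dict:
    info = parse_pe(data)
    info.update(file_hashes(data))
    info["size"] = len(data)
    info["entropy"] = round(shannon_entropy(data), 4)
    info["packed_heuristic"] = info["entropy"] > PACKED_ENTROPY_THRESHOLD
    return info


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 image for offline testing; it is NOT download.exe."""
    text_rva, text_raw, text_size = 0x1000, 0x200, 0x200
    entry_rva = text_rva + 0x10
    entry_code = bytes.fromhex("E88D130000E9000000006A146850EE4200E896180000")  # first entry bytes from the report
    ts = int(datetime(2013, 1, 14, 17, 7, 48, tzinfo=timezone.utc).timestamp())
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE header directly after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBB6I3I6HI3I2H4I2I", 0x10B, 11, 0, text_size, 0, 0, entry_rva, text_rva, 0x2000,
                      0x400000, 0x1000, 0x200, 5, 1, 0, 0, 5, 1, 0, 0x2000, 0x200, 0, 2, 0,
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16) + b"\0" * 128  # 16 empty data directories
    sect = struct.pack("<8sIIIIIIHHI", b".text", text_size, text_rva, text_size, text_raw, 0, 0, 0, 0, 0x60000020)
    text = bytearray(text_size)
    text[0x10:0x10 + len(entry_code)] = entry_code
    return (bytes(dos) + b"PE\0\0" + coff + opt + sect).ljust(text_raw, b"\0") + bytes(text)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for k, v in triage(blob).items():
        print("%-16s %s" % (k, hex(v) if k in ("image_base", "entry_rva", "machine") else v))
```

Run it as `python3 pe_triage.py download.exe` and confirm the SHA-256 equals the value listed above before trusting any other field. An entropy of 7.1471 over the whole file, together with the TR/Crypt.XPACK.Gen and Heur.Malware-Cryptor names in the detection table, points to a packed or encrypted payload, so strings and imports taken from the file on disk say little about what actually runs.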

Scheduled Task
Task name:
Bidaily Synchronize Task[973b]

Trigger:
Daily (Runs daily at 11:45 PM)
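
The task name and the launch path above are enough to hunt for this persistence on other hosts. The script below is an added example, not code from this report or from Reason Core Security: it reads the CSV produced by `schtasks /query /fo CSV /v`, flags tasks whose name or command line match the report's indicators, and checks a collected file against the SHA-256 listed above. The CSV sample is constructed (trimmed to the columns the script uses, with invented neighbouring tasks). That the bracketed suffix of the task name varies per install, and that the column headers are the English `TaskName` and `Task To Run`, are assumptions rather than facts from the report.

```python
import csv
import hashlib
import io
import re
import sys

# Example hunt script (added here; not Reason Core Security's code). Feed it the
# output of  schtasks /query /fo CSV /v  exported from a Windows host.

# Indicators taken from the report above.
REPORT_SHA256 = "1eaf3507ae249a73a4ad587b250354cbeb08d96d176294d324a03e31a4ad8b85"
# Assumption: the bracketed suffix after the task name is an instance identifier and may differ per host.
TASK_NAME_RE = re.compile(r"^Bidaily Synchronize Task\[[0-9a-f]+\]$", re.IGNORECASE)
# download.exe launched from a GUID-named folder directly under ProgramData (the report's "Common path").
TASK_CMD_RE = re.compile(r'^"?[a-z]:\\ProgramData\\\{[0-9a-f-]{36}\}\\download\.exe', re.IGNORECASE)


def find_suspect_tasks(csv_text: str) -> list:
    """Return (task name, command, reasons) for every scheduled task matching the report's indicators."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = (row.get("TaskName") or "").strip()
        cmd = (row.get("Task To Run") or "").strip()
        if name == "TaskName":  # schtasks can repeat the header line mid-file; skip it
            continue
        reasons = []
        if TASK_NAME_RE.match(name.rsplit("\\", 1)[-1]):  # TaskName is folder-qualified, e.g. \Folder\Name
            reasons.append("task name matches report")
        if TASK_CMD_RE.match(cmd):
            reasons.append("runs download.exe from a GUID folder under ProgramData")
        if reasons:
            hits.append((name, cmd, reasons))
    return hits


def matches_report_hash(data: bytes) -> bool:
    """True only if the bytes are exactly the sample the report describes."""
    return hashlib.sha256(data).hexdigest() == REPORT_SHA256


# Constructed sample export, trimmed to the columns used above; all tasks except the
# report's own task name and path are invented for the example.
SAMPLE_SCHTASKS_CSV = r'''"HostName","TaskName","Next Run Time","Status","Task To Run","Schedule Type","Start Time"
"WS01","\Maintenance\DiskCleanup","5/5/2024 3:00:00 AM","Ready","%windir%\system32\cleanmgr.exe /sagerun:1","Weekly","3:00:00 AM"
"WS01","\Bidaily Synchronize Task[973b]","4/29/2024 11:45:00 PM","Ready","C:\ProgramData\{646fb9a9-f3de-bf06-646f-fb9a9f3de6a7}\download.exe","Daily","11:45:00 PM"
"WS01","\Updater","4/29/2024 11:45:00 PM","Ready","""C:\ProgramData\{0f1e2d3c-4b5a-6978-8796-a5b4c3d2e1f0}\download.exe"" /silent","Daily","11:45:00 PM"
"WS01","\Backup nightly","4/30/2024 2:00:00 AM","Ready","C:\Tools\backup.exe --full","Daily","2:00:00 AM"
'''


if __name__ == "__main__":
    # Assumption: the export is ASCII/UTF-8; a non-English code page may need a different encoding.
    text = open(sys.argv[1], encoding="utf-8-sig", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_SCHTASKS_CSV
    for name, cmd, reasons in find_suspect_tasks(text):
        print("%s -> %s  [%s]" % (name, cmd, "; ".join(reasons)))
```

The path rule is the more durable of the two: the second constructed task shows a renamed task still being caught because it launches download.exe from a GUID-named ProgramData folder. A hit on either rule is a reason to pull the file and run `matches_report_hash` on it; a hash mismatch does not clear the host, since a different build would sit at the same path.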


The file download.exe has been seen being distributed from the URL noted above (a.allstatepro.info).

Remove download.exe - Powered by Reason Core Security