download.exe

SERGEY NIKITIN

The application download.exe by SERGEY NIKITIN has been detected as adware by 17 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from storagen.org.

Publisher: SERGEY NIKITIN (signed and verified)
MD5: 3b94ef240aaa5a2f9b07562f283b22ac
SHA-1: fde54217def06220702be0951122018d0b3214d0
SHA-256: 52ff678a5c79760267501a70477d3ae348901a4f36aefe15c013207c14a53b18
Scanner detections: 17 / 68
Status: Adware
Analysis date: 6/24/2025 6:26:23 AM UTC (today)

Scan engine             Detection                          Engine version
Agnitum Outpost         Trojan.DR.Agent                    7.1.1
Avira AntiVirus         TR/Dropper.Gen                     7.11.188.230
avast!                  Win32:Evo-gen [Susp]               2014.9-150418
Baidu Antivirus         Trojan.Win32.Agent                 4.0.3.15418
Comodo Security         TrojWare.Win32.Agent.A             21709
F-Prot                  W32/S-88039e6e                     v6.4.7.1.166
IKARUS anti.virus       Trojan.Dropper                     t3scan.1.8.3.0
Kaspersky               UDS:DangerousObject.Multi.Generic  14.0.0.2172
McAfee                  RDN/Generic.hra!ch                 5600.6791
NANO AntiVirus          Trojan.Win32.Agent.dopsoy          0.30.10.952
Qihoo 360 Security      HEUR/QVM20.1.Malware.Gen           1.0.0.1015
Reason Heuristics       PUP.SERGEYNIKITIN                  15.4.24.0
Sophos                  Mal/Generic-S                      4.98
Total Defense           Win32/Tnega.GFfGNZ                 37.0.11540
Trend Micro House Call  Suspicious_GEN.F47V1123            7.2.330
VIPRE Antivirus         Trojan.Win32.Generic               39198
Zillya! Antivirus       Trojan.Agent.Win32.508728          2.0.0.2134

File size: 17.3 KB (17,696 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\downloads\download.exe

Digital Signature

Signed by:
Authority: DigiCert Inc
Valid from: 10/7/2014 1:00:00 AM
Valid to: 12/10/2015 12:00:00 PM
Subject: CN=SERGEY NIKITIN, O=SERGEY NIKITIN, L=Zaporizhia, S=Zaporizhska, C=UA
Issuer: CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US
Serial number: 09AC2E40E63C571406766ECB110DAD9A

File PE Metadata

Compilation timestamp: 10/15/2014 11:31:17 AM
OS version: 6.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 11.0
CTPH (ssdeep): 96:prYeEQKZRJIjdxXSQLQAwVDhFxGPDdiIntNDVzXtP1H25Y3cujJ53:meoZHIjPXLQAPJVJNgYMujX3
Entry address: 0x1070
Entry point: 55, 8B, EC, 83, EC, 24, A1, 00, 30, 40, 00, 33, C5, 89, 45, FC, 68, 78, 20, 40, 00, FF, 15, 0C, 20, 40, 00, 89, 45, E4, A1, 84, 20, 40, 00, 89, 45, E8, 8B, 0D, 88, 20, 40, 00, 89, 4D, EC, 8B, 15, 8C, 20, 40, 00, 89, 55, F0, A1, 90, 20, 40, 00, 89, 45, F4, 8B, 0D, 94, 20, 40, 00, 89, 4D, F8, 83, 7D, E4, 00, 74, 36, C7, 45, DC, 00, 00, 00, 00, C7, 45, E0, 40, 10, 01, 00, 68, 10, 27, 00, 00, 6A, 00, 8B, 55, E0, 52, 6A, 00, 8D, 45, E8, 50, 6A, 00, E8, 1B, FF, FF, FF, 83, C4, 18, 89, 45, DC, 8B, 4D, E4, 51, FF...

Developed / compiled with: Microsoft Visual C++
Code size: 1024 Bytes (1,024 bytes)

The file download.exe has been seen being distributed by the following URL.
