download.setup_30erl.exe

Winner Download Manager (1035)

TIMP

This is a bundle installer that packages applications with offers for additional third-party software, mostly unwanted adware, which may be installed with minimal consent. The application download.setup_30erl.exe by TIMP has been detected as adware by 28 anti-malware scanners. The program is a setup application that uses the Winner Download Manager installer.
Publisher:
OOO TIMP LTD (4943)  (signed by TIMP)

Product:
Winner Download Manager (1035)

Description:
Setup8723.exe

Version:
2.2.3.7

MD5:
4fcfc0af940c10d711421c9f7bb4406c

SHA-1:
5b7252b94b1c24045e8acdf99183c3945973ef73

SHA-256:
45e4d0f7345628e0f30aab0d16832109b2e27d2bc916975f9701137666186803

Scanner detections:
28 / 68

Status:
Adware

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
5/16/2024 8:04:26 AM UTC  (today)

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.Agent.OKC | 5563212
Agnitum Outpost | Riskware.Agent | 7.1.1
Avira AntiVirus | ADWARE/Agent.okc.1 | 8.3.1.6
avast! | Win32:PUP-gen [PUP] | 150525-2
AVG | Generic | 2016.0.3096
Bitdefender | Adware.Agent.OKC | 1.0.20.735
Bkav FE | W32.HfsAdware | 1.3.0.6379
Clam AntiVirus | Win.Adware.Agent-11265 | 0.98/20507
Comodo Security | Application.Win32.bmMedia.BSE | 22250
Dr.Web | Trojan.Packed.28589 | 9.0.1.05190
Emsisoft Anti-Malware | Adware.Agent.OKC | 10.0.0.5366
ESET NOD32 | Win32/bmMedia.AA potentially unwanted application | 7.0.302.0
Fortinet FortiGate | W32/Kryptik.CZVB!tr | 5/27/2015
F-Prot | W32/A-d064477d | v6.4.7.1.166
F-Secure | Adware.Agent.OKC | 5.14.151
G Data | Adware.Agent.OKC | 15.5.25
IKARUS anti.virus | AdWare.Agent | t3scan.1.9.2.0
K7 AntiVirus | Trojan | 13.204.16045
MicroWorld eScan | Adware.Agent.OKC | 16.0.0.441
NANO AntiVirus | Trojan.Win32.BmMedia.dfehus | 0.30.24.1636
Norman | Adware.Agent.OKC | 03.12.2014 13:20:04
nProtect | Adware.Agent.OKC | 15.05.27.01
Panda Antivirus | Trj/Genetic.gen | 15.05.27.12
Quick Heal | AdWare.Winner.A4 | 5.15.14.00
Reason Heuristics | PUP.TIMP.Bundler | 15.5.27.7
Vba32 AntiVirus | AdWare.Winner | 3.12.26.4
VIPRE Antivirus | Threat.4150696 | 40552
Zillya! Antivirus | Adware.Winner.Win32.10 | 2.0.0.2190

File size:
2.1 MB (2,191,360 bytes)

Product version:
1.1.195.9973

Copyright:
All rights reserved. Copyright 2013-2014. (6353)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Winner Download Manager

Common path:
C:\users\{user}\downloads\download.setup_30erl.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
9/1/2014 4:00:00 AM

Valid to:
9/2/2015 3:59:59 AM

Subject:
CN=TIMP, O=TIMP, STREET="Proyezd Vnutrenniy, 8", L=Moscow, S=Moscow, PostalCode=117149, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
523FE28F7AE04335278617EAE3F6F472

File PE Metadata
Compilation timestamp:
9/9/2014 6:31:42 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:VAO/VdmP47sZoV5Qk0vN7fQjIQ3x5FU48cmLx8dfQu9oxkmh5/nP7TNmbBDcSlBy:VBb2k0MIs7iL9+sZ7BABD5GoGHiZNu

Entry address:
0x1C0A8

Entry point:
55, 8B, EC, 6A, FF, 68, A0, F2, 41, 00, 68, 60, C2, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, A4, D0, 41, 00, 59, 83, 0D, D0, FE, 60, 00, FF, 83, 0D, D4, FE, 60, 00, FF, FF, 15, 94, D0, 41, 00, 8B, 0D, CC, FE, 60, 00, 89, 08, FF, 15, A8, D0, 41, 00, 8B, 0D, C8, FE, 60, 00, 89, 08, A1, D4, D0, 41, 00, 8B, 00, A3, D8, FE, 60, 00, E8, 0A, 01, 00, 00, 39, 1D, B8, FE, 60, 00, 75, 0C, 68, 1E, C2, 41, 00, FF, 15, CC, D0...
 

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
112 KB (114,688 bytes)
