DownloadAndExec.exe

Encompass Download and Exec

Ellie Mae

The executable DownloadAndExec.exe has been detected as malware by 8 of 68 anti-virus scanners. The file has been observed being downloaded from download.elliemae.com.
Publisher:
Ellie Mae

Product:
Encompass Download and Exec

Version:
1.00

MD5:
5239d4b0aaa23e8f7ec1dc5eb44f5558

SHA-1:
9c7c0eb21558cab35127efbcfa25fc9bdc4001ce

SHA-256:
62ca6fa50c36301c4ac6f2f5f5193b291c2799202c83ffaf2a97bef7cc84d767

Scanner detections:
8 / 68

Status:
Malware

Analysis date:
4/19/2024 10:13:22 AM UTC

Scan engine          Detection                                 Engine version
Avira AntiVirus      TR/Agent.32768.1231                       8.3.1.6
avast!               Win32:Malware-gen                         2014.9-151119
Comodo Security      TrojWare.Win32.TrojanDownloader.VB.PMEA   22715
ESET NOD32           probably unknown NewHeur_PE               9.11917
F-Prot               W32/VB-Downloader-Clueless-base           v6.4.7.1.166
IKARUS anti.virus    Trojan.Agent                              t3scan.1.9.5.0
Qihoo 360 Security   Win32/Trojan.6e5                          1.0.0.1015
ViRobot              Trojan.Win32.S.Agent.32768.PP[h]          2014.3.20.0

File size:
32 KB (32,768 bytes)

Product version:
1.00

Original file name:
DownloadAndExec.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\resumeinstallshortcut\downloadandexec.exe

File PE Metadata
Compilation timestamp:
7/13/2013 8:50:40 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
384:rTPeBk6ZMTAvo/59MyJh/zvammm/ZElOFv6YERDl0sc+Y:3K3A9MyLzSvyElOFv6ffN

Entry address:
0x1480

Entry point:
68, FC, 15, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, BF, 11, 6C, C3, F5, A6, C8, 4C, B8, BD, 09, 8E, AB, 4C, B6, 0F, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, B7, 00, 00, 00, 44, 6F, 77, 6E, 6C, 6F, 61, 64, 41, 6E, 64, 45, 78, 65, 63, 00, 00, 00, 00, 00, 01, 00, 00, 00, E4, 18, 40, 00, 00, 00, 00, 00, FF, FF, FF, FF, FF, FF, FF, FF, 00, 00, 00, 00, 38, 19, 40, 00, 08, 60, 40, 00, 06, 00, 00, 00, 08, 15, 40, 00, 00, 00, 20, 00, 00, 00, 00, 00...

Entropy:
3.8527

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
20 KB (20,480 bytes)

The file DownloadAndExec.exe has been seen being distributed by the following URL.
