downloader.exe

A4 TOV

The application downloader.exe by A4 TOV has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are based on the PC's geo-location at the time of install.
Publisher:
A4 TOV  (signed and verified)

MD5:
b10a1e5561dded20b49e93648dcd51dd

SHA-1:
4cef48f7ef9510429ee1f44974134643e3c4ed0d

SHA-256:
f5127f9f8f166abd11bd34ed32bf3a2bf52622848707fd9130293c6a388b339b

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/12/2024 4:05:40 PM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.Amonetize (M)

Engine version:
17.3.15.5

File size:
2.4 MB (2,535,392 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\programs\downloader.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
9/17/2015 7:00:00 AM

Valid to:
9/17/2016 6:59:59 AM

Subject:
CN=A4 TOV, O=A4 TOV, STREET=Bud. 29 vul.Shchorsa, L=Kiev, S=Kiev, PostalCode=01010, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
27FB5DEC4CCFD4F3CF69A6B639C6AD4B

File PE Metadata
Compilation timestamp:
9/23/2015 5:32:49 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x50E8BA

Entry point:
68, 23, 0A, C6, 1D, E8, 88, DD, DB, FF, AA, 01, AE, A5, 55, C0, 40, AE, A6, 87, 4E, 7A, AF, A6, D7, 46, BB, 50, 5A, 37, 58, ED, AF, A5, 7C, 05, 96, 50, 5A, E4, 59, BF, AF, A5, 2A, 8D, 82, AF, A6, AA, BE, 1B, AE, A6, 29, F4, 4F, 50, 5A, F2, 24, 8D, 51, 59, 2D, C3, 5C, AF, A5, 81, 4E, A8, AF, A6, A8, 2D, 7A, AE, A6, B6, C8, 0D, 5D, DE, D6, C1, 5A, 81, 2E, 5D, C0, 59, 00, DD, 60, AA, 6A, 1C, C0, 59, 18, 20, A4, C4, 72, FC, AF, A5, 8E, CB, 0E, 55, D6, 02, AF, A6, 94, 7E, 0E, 52, E8, B3, 51, 5A, 18, 4C, F1, AD...
 

Code size:
2.4 MB (2,474,496 bytes)
