downloader.exe

Download4.0 Module

Beijing ELEX Technology Co.,Ltd

The application downloader.exe by Beijing ELEX Technology Co.,Ltd has been detected as a potentially unwanted program by 15 anti-malware scanners. It is an adware bundler (also known as ElexNetDownload) that includes additional unwanted offers in the download and install process. During installation it connects to twonext.com and xingcloud.com to determine which offers to show the user, based on what is already installed and where the user lives. It is also typically executed from the user's temporary directory.

Publisher:
Beijing ELEX Technology Co.,Ltd  (signed and verified)

Product:
Download4.0 Module

Version:
4.1.0.1521

MD5:
62b1d7957971955b865f98e0ba470595

SHA-1:
6831c2393eaacff7bdcc14282d4d6636480476ba

SHA-256:
0f5cfdcc24a1d6bf7a7778dd1ced68ea8f11362f8d437ddcdaaf098338647bf2

Scanner detections:
15 / 68

Status:
Potentially unwanted

Explanation:
Software bundler and update mechanism that will attempt to install adware offers.

Analysis date:
4/18/2024 8:24:35 AM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Riskware.Agent | 7.1.1
Avira AntiVirus | ADWARE/Adware.Gen2 | 7.11.218.126
avast! | Win32:Adware-gen [Adw] | 2014.9-160131
AVG | MalSign.Generic | 2017.0.2848
Baidu Antivirus | Adware.Win32.ELEX | 4.0.3.16131
ESET NOD32 | Win32/ELEX.C potentially unwanted (variant) | 10.11346
Fortinet FortiGate | Riskware/Elex | 1/31/2016
IKARUS anti.virus | AdWare.Win32.ELEX | t3scan.2.0.127
K7 AntiVirus | Trojan | 13.202.15316
Kaspersky | not-a-virus:Downloader.Win32.AdLoad | 14.0.0.733
Qihoo 360 Security | HEUR/QVM11.1.Malware.Gen | 1.0.0.1015
Reason Heuristics | PUP.ELEX.BeijingELEXTechnology (M) | 16.1.31.11
Sophos | Mal/Cleaman-B | 4.98
Trend Micro House Call | Suspicious_GEN.F47V0313 | 7.2.31
VIPRE Antivirus | Elex Installer | 20592

File size:
235.9 KB (241,512 bytes)

Product version:
4.1.0.1521

Copyright:
Copyright 2012

Original file name:
Download4.0.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\downloader.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/25/2012 2:00:00 AM

Valid to:
7/25/2013 1:59:59 AM

Subject:
CN="Beijing ELEX Technology Co.,Ltd", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Beijing ELEX Technology Co.,Ltd", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
27BF924EA3BB364A9C0278C0BA682879

File PE Metadata
Compilation timestamp:
1/4/2013 3:09:40 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:Gsdnsa88nip6WDsC1ac0GfNn7E57uAAJeyKBSdX/x:GsVR88ninDacnlnoRAJeyKa5

Entry address:
0x8EAA0

Entry point:
60, BE, 00, 70, 46, 00, 8D, BE, 00, A0, F9, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
Packer / compiler:
UPX 2.90LZMA

Code size:
160 KB (163,840 bytes)
