downloader.exe

Download4.0 Module

Beijing ELEX Technology Co.,Ltd

The application downloader.exe by Beijing ELEX Technology Co.,Ltd has been detected as a potentially unwanted program by 15 anti-malware scanners. This is an adware bundler (also known as ElexNetDownload) that includes additional unwanted offers in the download and install process. During installation it establishes a connection to twonext.com and xingcloud.com to determine which offers to show the user (based on what is already installed and where they live). It is also typically executed from the user's temporary directory.
Publisher:
Beijing ELEX Technology Co.,Ltd  (signed and verified)

Product:
Download4.0 Module

Version:
4.1.0.1521

MD5:
93230fa47744963e0c690d1e4611ee90

SHA-1:
97b04e8ad8ae102867ea6de19372611b85b06441

SHA-256:
da7d7c46a0a9d8e5ad76b21bc9f91dc50381746b0a52192d35b5c68e5d0c1678

Scanner detections:
15 / 68

Status:
Potentially unwanted

Explanation:
Software bundler and update mechanism that will attempt to install adware offers.

Analysis date:
4/25/2024 4:38:41 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| Avira AntiVirus | ADWARE/Adware.Gen2 | 7.11.218.126 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-160207 |
| AVG | MalSign.Generic | 2017.0.2840 |
| Baidu Antivirus | Adware.Win32.ELEX | 4.0.3.1627 |
| ESET NOD32 | Win32/ELEX.C potentially unwanted (variant) | 10.11346 |
| Fortinet FortiGate | Riskware/Elex | 2/7/2016 |
| IKARUS anti.virus | AdWare.Win32.ELEX | t3scan.2.0.127 |
| K7 AntiVirus | Trojan | 13.202.15316 |
| Kaspersky | not-a-virus:Downloader.Win32.AdLoad | 14.0.0.696 |
| Qihoo 360 Security | HEUR/QVM11.1.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.ELEX.BeijingELEXTechnology (M) | 16.2.7.20 |
| Sophos | Mal/Cleaman-B | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0313 | 7.2.38 |
| VIPRE Antivirus | Elex Installer | 20592 |

File size:
236 KB (241,664 bytes)

Product version:
4.1.0.1521

Copyright:
Copyright 2012

Original file name:
Download4.0.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\downloader.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/25/2012 2:00:00 AM

Valid to:
7/25/2013 1:59:59 AM

Subject:
CN="Beijing ELEX Technology Co.,Ltd", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Beijing ELEX Technology Co.,Ltd", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
27BF924EA3BB364A9C0278C0BA682879

File PE Metadata
Compilation timestamp:
1/4/2013 3:09:40 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:hsdnsa88nip6WDsC1ac0GfNn7E57uAAJeyKBSdX/p:hsVR88ninDacnlnoRAJeyKaB

Entry address:
0x8EAA0

Entry point:
60, BE, 00, 70, 46, 00, 8D, BE, 00, A0, F9, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 

Packer / compiler:
UPX 2.90LZMA

Code size:
160 KB (163,840 bytes)
