downloader.exe

A4 TOV

The application downloader.exe by A4 TOV has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are based on the PC's geo-location at the time of install.

Publisher:
A4 TOV  (signed and verified)

Description:
Setup/Uninstall

Version:
51.49.0.0

MD5:
a9ecf3647a3dfb908e991aa02516a9e7

SHA-1:
9b36172455807e112ba0e9a3ba6b76993fd9f94c

SHA-256:
fbd88000564d9a96834581d65ed8cab5d781c3ce330a14ece2e6eeea8a67bdf5

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/13/2024 5:51:23 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Amonetize (M)

Engine version:
17.3.12.20

File size:
1.5 MB (1,569,760 bytes)

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\programs\downloader.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
9/17/2015 2:00:00 AM

Valid to:
9/17/2016 1:59:59 AM

Subject:
CN=A4 TOV, O=A4 TOV, STREET=Bud. 29 vul.Shchorsa, L=Kiev, S=Kiev, PostalCode=01010, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
27FB5DEC4CCFD4F3CF69A6B639C6AD4B

File PE Metadata
Compilation timestamp:
9/30/2015 9:32:44 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x352EDB

Entry point:
68, 71, 46, A0, 98, E8, 7F, B8, E9, FF, 7B, BA, 9D, 01, 06, 89, E4, 60, FE, 2D, D5, F5, 61, FE, 6C, AA, DF, 9C, 01, CE, E1, 37, 9E, 01, 8C, BA, F8, 60, FE, 73, 4B, 9C, 9D, 01, 3F, 8F, A1, 9E, 01, 16, 7E, 21, 60, FE, 98, 19, 2A, 38, 01, 39, 3F, FE, 44, 10, 3B, C0, 01, F3, 36, 51, 1B, E1, 14, 5C, FE, B2, 84, D4, 03, E5, 52, 3E, FE, AC, 77, A5, C0, 01, 16, 76, 6D, 3D, FE, EA, 01, A6, 3E, FE, A4, 01, 61, C0, 01, 29, 24, C6, C0, 01, D5, 90, 68, 3F, FE, 3C, 55, 15, 3F, FE, 98, 87, 23, C0, 01, 9F, A4, 65, C0, 01...
 

Code size:
1.5 MB (1,558,016 bytes)
