home

downloader.exe

MD5:
e0446e57134786b2ff9ace1f03186cf3

SHA-1:
a4db0630ef13a0b90ab7b2a7b0ac61bc249327af

SHA-256:
62d3fd5651838c74c2a7cd618392a83005ba7b9474b53dcb2b57b4c209f530b3

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
7/16/2025 6:07:48 PM UTC  (today)

Scan engine
Detection
Engine version

F-Prot
W32/VB-Dialog-Spyer-based!Maxim (damaged)
4.6.5.141

File size:
128.2 KB (131,236 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\downloader.exe

File PE Metadata
Compilation timestamp:
5/17/2013 2:29:33 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:0TZ9s7ce60tf51TuqcHz8bHh6FKAcglhsFPylow2N0c0L1zRw08B9XcBMp1scViN:0TZ9FUfuqcHz8bHh6FKAcglhsFalow28

Entry address:
0x72DC

Entry point:
68, 1C, 7A, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, 6B, F2, BF, 09, D0, F8, 22, 48, 87, E7, 4C, BB, 31, 78, E6, 60, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 04, 00, 00, 00, 65, 53, 63, 72, 69, 70, 74, 69, 6F, 6E, 44, 6F, 77, 6E, 6C, 6F, 61, 64, 65, 72, 00, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 0B, 55, FE, D2, 4F, 7D, 2F, F8, 48, 8C, 86, 46, F2, 45, 00, CA, 3D, 92, 93, 46, B0, 8E, BA, 76, 4A, B3, 2B, 60, 27, B5, 48, 30, EB, 3A, 4F, AD...
 
[+]

Entropy:
5.2589

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
248 KB (253,952 bytes)

The file downloader.exe has been seen being distributed by the following URL.

https://sutterhealth.escriptionasp.com/Downloads/.../downloader.exe

Scan downloader.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.