home

downloader.exe

Setup Downloader

YANDEX LLC

This is a setup and installation application. This is installed with Yandex.Disk. The file has been seen being downloaded from browser.yandex.ru and multiple other hosts.
Publisher:
YANDEX LLC  (signed and verified)

Product:
Setup Downloader

Version:
0.1.0.27

MD5:
6abaaafc40899fdcf61715371f1b46ec

SHA-1:
c46c4d31b2d1dbdaae75ecd978e2a06470b9f187

SHA-256:
85631facf71abe74a4b891678d1bbc3bf2cb7b8f313dd5c071366a7c2a4f1292

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/17/2024 12:17:04 AM UTC  (today)

File size:
153.8 KB (157,480 bytes)

Product version:
0.1.0.27

Copyright:
Copyright (C) 2014 Yandex LLC

Original file name:
downloader.exe

File type:
Executable application (Win32 EXE)

Language:
Rusça (Rusya)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\downloader.exe

Digital Signature
Signed by:
YANDEX LLC

Authority:
VeriSign, Inc.

Valid from:
1/15/2013 2:00:00 AM

Valid to:
1/16/2016 1:59:59 AM

Subject:
CN=YANDEX LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=YANDEX LLC, L=Moscow, S=Moscow, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3667E158B524C8FFBFE538172786F1E2

File PE Metadata
Compilation timestamp:
6/10/2014 4:14:56 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:UzLaOOKPkl38REPxaXyoh58IL5SboUQ+SfE0cxBMd+Gxcn:UzGLuIpPxjoXlLJ+SfEvyg

Entry address:
0x9420

Entry point:
E8, 49, 6E, 00, 00, E9, 79, FE, FF, FF, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41, FE...
 
[+]

Code size:
108.5 KB (111,104 bytes)

The file downloader.exe has been discovered within the following programs.

Yandex.Disk  by Yandex
Publisher's description - “Files on Yandex.Disk won't get lost if your phone or computer breaks. You'll have enough storage space for your most precious photos and important documents. Share your Yandex.Disk files with family, colleagues or friends. You control who has access to your files.”
disk.yandex.ru
20% remove it
 
Powered by Should I Remove It?

The file downloader.exe has been seen being distributed by the following 3 URLs.

http://browser.yandex.ru/.../?partner_id=planb&click_hash=52pnttixi8vv72a9ewwawdwiqdtf331s&download_date=1402638469&.exe

http://download.io.utorrent.com/.../spigot-yandex-en-20140708.exe

http://download.yandex.ru/yandex-pack/.../downloader.exe

Scan downloader.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.