downloader.exe

eScriptionDownloader

Axiom Technologies

The executable downloader.exe has been detected as malware by 1 anti-virus scanner. The file has been observed as a download from umichhs.escriptionasp.com.

Publisher:
Axiom Technologies

Product:
eScriptionDownloader

Version:
10.24

MD5:
20bd043bc3c079ddf7e7da41dab4c813

SHA-1:
fe5f6af61af6841717a78151ab7c723fbe3e68a6

SHA-256:
ea844771c1c81bf63c20fbec3e9833572afbf4d2f7d50a2c02e6e089f887d1d5

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
7/17/2025 2:04:59 AM UTC

Scan engine:
Reason Heuristics

Detection:
Threat.Win.Reputation.IMP

Engine version:
16.1.27.15

File size:
276.1 KB (282,697 bytes)

Product version:
10.24

Original file name:
eScriptionDownloader.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\downloader.exe

File PE Metadata
Compilation timestamp:
10/23/2014 6:37:59 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:ke3oVou0ou9iHzubHh6Z4AcgvlsBNv1w2NO3w08B91EcBsp1scViwzmjfum8aMoR:p4Ad1/aChP

Entry address:
0x72DC

Entry point:
68, 8C, 96, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 5D, A8, 00, 1E, E7, D8, F8, 47, 96, E0, C5, C7, 7B, F7, E2, 77, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 41, 00, 86, 50, 82, 01, 45, 53, 44, 6F, 77, 6E, 6C, 6F, 61, 64, 65, 72, 56, 31, 30, 00, 00, 00, 00, 00, FF, CC, 31, 00, 0B, 01, 61, 23, 74, AC, 87, C0, 4B, B0, 29, 44, 38, D0, 13, 5D, 8E, D0, 6A, B0, C0, 1F, 65, 1B, 4C, 87, 9A, A3, 5E, 15, C6, A9, A6, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 

Entropy:
5.6009

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
256 KB (262,144 bytes)

The file downloader.exe has been seen being distributed by the following URL.
