downloadfilesetup_41yqk.exe

Winner Download Manager (7186)

TIMP

This is a bundle installer that packages applications with offers for additional 3rd party software, mostly unwanted adware, and that may be installed with minimal consent. The application downloadfilesetup_41yqk.exe by TIMP has been detected as adware by 19 anti-malware scanners. The program is a setup application that uses the Winner Download Manager installer.
Publisher:
OOO TIMP LTD (8442)  (signed by TIMP)

Product:
Winner Download Manager (7186)

Description:
Setup2192.exe

Version:
2.2.3.7

MD5:
719f1843281bc2d0f38bfa36ed45be3a

SHA-1:
850aa05a2b4f4a316c64a9d24c4c27af4a1aa302

SHA-256:
e0eca59f0e3e202ea261be5bbb8c4f5973e3eb00b07ef57242b981f21d9e60d5

Scanner detections:
19 / 68

Status:
Adware

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/25/2024 12:56:16 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Graftor.155786 | 856
avast! | Win32:Adware-gen [Adw] | 140929-0
AVG | Generic | 2015.0.3334
Bitdefender | Gen:Variant.Graftor.155786 | 1.0.20.1375
Clam AntiVirus | Win.Adware.Agent-14933 | 0.98/19466
Dr.Web | Trojan.Packed.28589 | 9.0.1.05190
Emsisoft Anti-Malware | Gen:Variant.Graftor.155786 | 8.14.10.02.07
ESET NOD32 | Win32/bmMedia.AC potentially unwanted application | 7.0.302.0
F-Secure | Gen:Variant.Graftor.155786 | 11.2014-02-10_5
G Data | Gen:Variant.Graftor.155786 | 14.10.24
K7 AntiVirus | Unwanted-Program | 13.183.13550
MicroWorld eScan | Gen:Variant.Graftor.155786 | 15.0.0.825
NANO AntiVirus | Riskware.Win32.Winner.dfgrwd | 0.28.2.62440
nProtect | Trojan-Clicker/W32.Winner.2183168 | 14.10.02.01
Panda Antivirus | Trj/Genetic.gen | 14.10.02.07
Reason Heuristics | PUP.Installer.TIMP.X | 14.10.8.13
Vba32 AntiVirus | AdWare.Winner | 3.12.26.3
VIPRE Antivirus | Threat.4150696 | 33520
Zillya! Antivirus | Adware.Winner.Win32.21 | 2.0.0.1940

File size:
2.1 MB (2,183,168 bytes)

Product version:
1.1.195.7904

Copyright:
All rights reserved. Copyright 2013-2014. (8255)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Winner Download Manager

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
9/1/2014 4:00:00 AM

Valid to:
9/2/2015 3:59:59 AM

Subject:
CN=TIMP, O=TIMP, STREET="Proyezd Vnutrenniy, 8", L=Moscow, S=Moscow, PostalCode=117149, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
523FE28F7AE04335278617EAE3F6F472

File PE Metadata
Compilation timestamp:
9/10/2014 3:37:05 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:WfzUANASlTnyXybz5k4GOGa/OM4gfarV7R:g4G7tkE3rZ+7R

Entry address:
0x19914

Entry point:
55, 8B, EC, 6A, FF, 68, B0, C2, 41, 00, 68, 96, 98, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 68, A1, 41, 00, 59, 83, 0D, A0, CF, 60, 00, FF, 83, 0D, A4, CF, 60, 00, FF, FF, 15, 60, A1, 41, 00, 8B, 0D, 9C, CF, 60, 00, 89, 08, FF, 15, 58, A1, 41, 00, 8B, 0D, 98, CF, 60, 00, 89, 08, A1, 74, A1, 41, 00, 8B, 00, A3, A8, CF, 60, 00, E8, 0A, 01, 00, 00, 39, 1D, 88, CF, 60, 00, 75, 0C, 68, 8A, 9A, 41, 00, FF, 15, 94, A1...
Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
100 KB (102,400 bytes)
