downloadsetup_156yu.exe

Buon software Winner Media Player

STROYBIZNESPROYEKT

This is a bundle installer: it packages applications with offers for additional third-party software, mostly unwanted adware, which may be installed with minimal consent. The application downloadsetup_156yu.exe by STROYBIZNESPROYEKT has been detected as adware by 5 anti-malware scanners. The program is a setup application that uses the Winner Download Manager installer.
Publisher:
Buon software  (signed by STROYBIZNESPROYEKT)

Product:
Buon software Winner Media Player

Description:
Un buon software

Version:
1.1.1.1

MD5:
8c1ac30d0a311a40b20b2e15c8d9c8f1

SHA-1:
a595c308bed65ec70c00d97f638c885aff97b328

SHA-256:
858afab4b916336d07f9e1709cbacec0bdb638f081746d9b22d8f8de3f0a321e

Scanner detections:
5 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/24/2024 12:51:43 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | APPL/Downloader.Gen4 | 7.11.182.116 |
| AVG | Generic | 2015.0.3305 |
| ESET NOD32 | Win32/bmMedia.DV (variant) | 8.10646 |
| Reason Heuristics | PUP.Installer.STROYBIZNESPROYEKT.T | 14.11.3.21 |
| VIPRE Antivirus | Threat.5064464 | 34232 |

File size:
2.2 MB (2,289,664 bytes)

Product version:
1.1.1.1

Copyright:
All rights reserved. Buon software

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Winner Download Manager

Common path:
C:\users\{user}\downloadsetup_156yu.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
8/28/2014 3:00:00 AM

Valid to:
8/29/2015 2:59:59 AM

Subject:
CN=STROYBIZNESPROYEKT, O=STROYBIZNESPROYEKT, STREET="DAYEV , 6, building 2 ,5", L=Moscow, S=Moscow, PostalCode=107045, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1D44742705823C0AFB07BC0CADFC9E7F

File PE Metadata
Compilation timestamp:
10/27/2014 9:36:27 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:PEy2uU5TPUN3IeK1SV8fsdjsHFKgSbDCXXcHA+BUFpLSsasMesahHMzmdng8s7hn:MyU5WOSBlSikU6SgwvB4A

Entry address:
0x2BA52

Entry point:
55, 89, E5, 81, EC, 84, 01, 00, 00, 68, FE, 91, 41, 00, E8, 9F, 6E, FF, FF, 8B, 45, 10, C7, 45, F4, 60, 83, 43, 00, 85, C7, 75, 0F, 8B, FE, 2B, 79, 0C, 83, C6, FC, C1, EF, 0F, 8B, CF, D3, EB, 8D, 44, B8, 44, 09, 18, EB, F6, E8, 19, 87, 00, 00, 6A, 16, 50, 8B, 55, 0C, 2B, 55, 08, 52, E8, C4, 60, 00, 00, 83, C4, 04, E9, F3, FF, FF, FF, 5E, 8B, 4D, F4, E8, 17, 49, FE, FF, 8B, 85, 44, FB, FF, FF, 8B, 48, 04, 8D, 8C, 0D, 44, FB, FF, FF, E8, 3D, 11, FF, FF, 59, 33, C0, 59, 8B, C6, 5B, 5F, 89, 9E, AC, 00, 00, 00...

Code size:
212 KB (217,088 bytes)
