» DrWebKeyDownloader.exe
Overview
Analysis
File Details

DrWebKeyDownloader.exe

DrWeb KeyDownloader

HomEDition Company

The application DrWebKeyDownloader.exe, “Утилита для обновления ключей на серию продуктов Dr.Web” by HomEDition Company has been detected as a potentially unwanted program by 22 anti-malware scanners.

File name:

Publisher:

Product:

DrWeb KeyDownloader

Description:

Утилита для обновления ключей на серию продуктов Dr.Web

Version:

1.0.0.0

MD5:

07590a3022d8dcf9a6655a0b22b25e99

SHA-1:

48070628c8a6b217b43ac6684de4a5a53b40425c

SHA-256:

217add27bf62ae94e197cb60dc0ade31032ef8e734a2de870af88ef8a4af8668

Scanner detections:

22 / 68

Status:

Potentially unwanted

Analysis date:

4/19/2024 10:47:18 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.Generic.8895988

352

Agnitum Outpost

Packed/PECompact

7.1.1

Avira AntiVirus

TR/Rogue.kdv.704948

7.11.210.224

avast!

Win32:PUP-gen [PUP]

2014.9-160217

AVG

Agent3

2017.0.2830

Bitdefender

Trojan.Generic.8895988

1.0.20.240

Emsisoft Anti-Malware

Trojan.Generic.8895988

8.16.02.17.11

F-Secure

Trojan.Generic.8895988

11.2016-17-02_4

G Data

Trojan.Generic.8895988

16.2.25

IKARUS anti.virus

Trojan.Win32.Webprefix

t3scan.1.8.6.0

K7 AntiVirus

Trojan

13.196.14999

McAfee

Artemis!07590A3022D8

5600.6486

MicroWorld eScan

Trojan.Generic.8895988

17.0.0.144

NANO AntiVirus

Trojan.Win32.Agent2.ybzwt

0.30.0.126

Norman

Obfuscated_L

11.20160217

nProtect

Trojan.Generic.8895988

15.02.17.01

Rising Antivirus

PE:Trojan.Win32.Generic.13596921!324626721

23.00.65.16215

Sophos

Mal/Generic-S

4.98

Trend Micro House Call

TROJ_SPNR.03EF13

7.2.48

Trend Micro

TROJ_SPNR.03EF13

10.465.17

VIPRE Antivirus

Trojan.Win32.Generic

37672

ViRobot

Trojan.Win32.A.Agent.612304[h]

2014.3.20.0

File size:

598 KB (612,304 bytes)

Product version:

1.0.0.0

Trademarks:

HomEDition Company © www.homedition.ru

Original file name:

DrWebKeyDownloader.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\dr.web security space_anti-virus v7.0.1.08090 final\dr.web keydownloader\drwebkeydownloader.exe

Digital Signature

Signed by:

HomEDition Company

Authority:

HomEDition Company

Valid from:

11/5/2010 3:00:00 AM

Valid to:

9/8/2087 3:59:59 AM

Subject:

E=www.homedition.ru, CN=HomEDition Company, O=HomEDition Company, C=RU

Issuer:

E=www.homedition.ru, CN=HomEDition Company, O=HomEDition Company, C=RU

Serial number:

4626AA7D541BA3428B302D7D03B2F38D

File PE Metadata

Compilation timestamp:

6/20/1992 2:22:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:D/WzO7QHmzQcGSDI1C6vr10B9Zi6+FbOMahIkzsfbsE4nonge8E:EOLDhqr2UFaMcrgDsE4onf

Entry address:

0x1000

Entry point:

B8, 60, B7, 5A, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 13, 5F, AC, 93, F6, DA, 0E, 4A, 3E, 62, 1D, 64, 84, 49, A8, 0C, 99, B2, F5, 69, 35, D4, 52, AF, E7, 82, B9, EB, DF, 2D, 10, 58, 9D, 2C, 53, 6F, DB, B4, BA, 04, CA, 57, 70, 2E, 65, 41, 62, 6B, E6, C4, 11, E3, A8, C2, 37, 69, F9, 84, 10, 02, 10, 38, 78, 14, 89, CE, DD, 95, 1C, 6A, FB, B9, 12, 6F, 24, BF, 66, E3, AD, 8E, 1C, 65, AF, 58, 61, ED, 9D, 51, DD, BB, 6E, 20, E2... 
[+]

Packer / compiler:

PECompact v2

Code size:

1.4 MB (1,444,864 bytes)

Remove DrWebKeyDownloader.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.