ejay_dance5_downloader.exe

Download Manager

Yelsi AG

This is a setup program used to install the application. The file has been observed being downloaded from downloader.ejay.com.
Publisher:
Yelsi AG  (signed and verified)

Product:
Download Manager

Version:
1, 3, 2, 3

MD5:
ffe2a3553fdc0ea46b5b11589d566592

SHA-1:
7876fec74ec987adb19d4a629cba6946f35b2652

SHA-256:
2aa6b18d509090c60c3e4ecdd8aeb16e5f149807e3404c86892112710eab576d

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/9/2024 2:30:57 PM UTC

File size:
949.8 KB (972,592 bytes)

Product version:
1, 3, 2, 3

File type:
Executable application (Win32 EXE)

Language:
German (Germany)

Common path:
C:\users\{user}\downloads\ejay_dance5_downloader.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
8/27/2010 1:00:32 PM

Valid to:
8/12/2011 1:59:03 AM

Subject:
CN=Yelsi AG, O=Yelsi AG, L=Walchwil, S=Zug, C=CH

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4E8515AB628DA3

File PE Metadata
Compilation timestamp:
10/25/2010 11:45:16 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:5aNJ4ML/jtbWp/Bw/yoGmKVdHY9JpJ5qTo3Tj9Y3z8u+4hkHIBquE2WKDa:tMbZCxaqoGmK/nTo3TxYj8uRqvX

Entry address:
0x4DA8C

Entry point:
B8, BC, BB, 69, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 41, 48, 0A, 91, 17, 39, B3, BD, E6, 11, 5D, 2E, 9B, 25, 74, 5B, 3E, 3D, 0C, 99, 93, 09, BA, 4A, 67, 1A, BD, C7, C8, 66, 64, DE, C5, 77, 6C, 11, E0, 39, 9E, 45, 24, 6E, E2, 47, 4F, 55, 06, C7, DE, 68, 0F, 64, 4D, 9F, 8D, 75, 6B, CA, B9, 23, 5A, 7B, 69, C7, C6, F1, A2, B4, 51, 9E, C1, 06, DE, DB, E3, 5D, A8, EC, 9B, 45, 56, F7, 5A, 56, 20, 5B, 60, ED, 64, 85, C2, 9C, 35...
 

Packer / compiler:
PECompact v2

Code size:
1.7 MB (1,810,432 bytes)

The file ejay_dance5_downloader.exe has been seen being distributed by the following URL.
