ejay_hiphop4_downloader.exe

Download Manager

Yelsi AG

This is a setup program used to install the application. The file has been observed being downloaded from downloader.ejay.com.
Publisher:
Yelsi AG  (signed and verified)

Product:
Download Manager

Version:
1, 3, 2, 3

MD5:
97ec09996a0db5bb8c4b5a75607089bc

SHA-1:
7d7442793807d59a3174dd4992cec19dcca6d6e6

SHA-256:
407d8a3787196a88151fda1def7e5a6025934b3068b82dde8980ab4202e67f9e

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 11:02:55 PM UTC

File size:
949.8 KB (972,592 bytes)

Product version:
1, 3, 2, 3

File type:
Executable application (Win32 EXE)

Language:
German (Germany)

Common path:
C:\users\{user}\downloads\ejay_hiphop4_downloader.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
8/27/2010 1:00:32 PM

Valid to:
8/12/2011 1:59:03 AM

Subject:
CN=Yelsi AG, O=Yelsi AG, L=Walchwil, S=Zug, C=CH

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4E8515AB628DA3

File PE Metadata
Compilation timestamp:
10/25/2010 11:44:55 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:5atG6KbHwFYsr6otQQgrSOUDD7o3bRMT/+elN/A0YOnv0:53xbQL6f/UH7A2+elNIROv0

Entry address:
0x4DA8C

Entry point:
B8, BC, BB, 69, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 57, B3, 93, FD, 6A, C6, 2A, E4, 37, 12, FE, 1D, F1, 50, 73, A4, 72, D7, 8D, E5, 21, 62, 90, B7, 2B, BD, 4E, C8, 27, 28, 0B, 28, CF, 12, A9, 5F, 64, DC, 0D, 40, 04, 50, 01, 5C, BD, 89, 18, F5, 02, 31, 31, 59, 29, 99, E6, C9, AB, 1E, 8E, 7C, 30, AC, 84, D4, 58, 3E, 0B, 94, 1F, 85, 1A, 66, BC, 8C, 61, AB, B4, 4F, DA, CF, 1C, 35, A2, 7D, 92, B0, DB, AD, 43, 13, 12, 22, 33...
 

Packer / compiler:
PECompact v2

Code size:
1.7 MB (1,810,432 bytes)

The file ejay_hiphop4_downloader.exe has been seen being distributed by the following URL.
