ejay_hiphop5_reloaded_downloader.exe

Download Manager

Yelsi AG

This is a setup program used to install the application. The file has been seen being downloaded from www.tamindir.com and multiple other hosts.
Publisher:
Yelsi AG  (signed and verified)

Product:
Download Manager

Version:
1, 3, 2, 3

MD5:
630040573853a3b1623082637b39fb4c

SHA-1:
5c5baf9e2b5593ac88bc99810d28ef89582707fc

SHA-256:
1a260e271176e330701a7f4c9c2cd50753ec38c1488d356db7e3305f8bf53130

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
4/26/2024 1:32:57 PM UTC  (today)

Scan engine:
Agnitum Outpost

Detection:
Packed/PECompact

Engine version:
7.1.1

File size:
950.3 KB (973,104 bytes)

Product version:
1, 3, 2, 3

File type:
Executable application (Win32 EXE)

Language:
German (Germany)

Common path:
C:\users\{user}\downloads\ejay_hiphop5_reloaded_downloader.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
8/27/2010 12:00:32 PM

Valid to:
8/12/2011 12:59:03 AM

Subject:
CN=Yelsi AG, O=Yelsi AG, L=Walchwil, S=Zug, C=CH

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4E8515AB628DA3

File PE Metadata
Compilation timestamp:
10/25/2010 10:48:11 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:0atG6KbHwFYsr6otQQgrSOUDD7o3bRMT/+eBaqZvJ:03xbQL6f/UH7A2+eBa4J

Entry address:
0x4DA8C

Entry point:
B8, BC, BB, 69, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 57, B3, 93, FD, 6A, C6, 2A, E4, 37, 12, FE, 1D, F1, 50, 73, A4, 72, D7, 8D, E5, 21, 62, 90, B7, 2B, BD, 4E, C8, 27, 28, 0B, 28, CF, 12, A9, 5F, 64, DC, 0D, 40, 04, 50, 01, 5C, BD, 89, 18, F5, 02, 31, 31, 59, 29, 99, E6, C9, AB, 1E, 8E, 7C, 30, AC, 84, D4, 58, 3E, 0B, 94, 1F, 85, 1A, 66, BC, 8C, 61, AB, B4, 4F, DA, CF, 1C, 35, A2, 7D, 92, B0, DB, AD, 43, 13, 12, 22, 33...
 

Entropy:
7.8996

Packer / compiler:
PECompact v2

Code size:
1.7 MB (1,810,432 bytes)

The file ejay_hiphop5_reloaded_downloader.exe has been seen being distributed by the following 3 URLs.

http://www.tamindir.com/indir/MjAxNi0wNy0yMyAxNToxNzo1Mg==/ejay-hiphop/windows/.../
