home

ExeDownloader.exe

Exe Downloader

SafeApp Software, LLC

The application ExeDownloader.exe by SafeApp Software has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
SafeApp Software, LLC  (signed and verified)

Product:
Exe Downloader

Version:
1.00

MD5:
f102309f60ea99555a113f7b129da572

SHA-1:
bfc649c3e7cf7b747dd356bdda96984c771ba6d3

SHA-256:
1626a0cebb86285d0dff4dd149fe9746dda7ff1b1327cc3a710f3777a7663d4c

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
5/4/2024 11:47:14 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.SafeAppS (M)
16.3.20.4

File size:
202.3 KB (207,144 bytes)

Product version:
1.00

Copyright:
Copyright 2006-2015, SafeApp Software, LLC.

Original file name:
ExeDownloader.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\registry helper\cs\exedownloader.exe

Digital Signature
Signed by:
SafeApp Software, LLC

Authority:
VeriSign, Inc.

Valid from:
1/7/2015 1:00:00 AM

Valid to:
1/8/2016 12:59:59 AM

Subject:
CN="SafeApp Software, LLC", O="SafeApp Software, LLC", L=Harrison, S=New York, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
057EF95AEE96D23091760F07BE8E21F1

File PE Metadata
Compilation timestamp:
8/21/2015 8:41:19 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:+lC9M4BPbNZgtEpzzME8mVBqzCPu9AhCbaY2Iij6EP9xRpaH1Gi:a2jgtENVBqzCPu9AhWaY2Iij6EPraHV

Entry address:
0x2C18

Entry point:
68, DC, 31, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 92, 70, 23, F7, 07, 7A, C9, 43, A8, 96, 25, 66, 40, 6D, A4, 4B, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 45, 78, 65, 44, 6F, 77, 6E, 6C, 6F, 61, 64, 65, 72, 00, 00, 00, 00, 00, 00, 00, 01, 00, 0F, 00, 5C, 5D, 40, 00, 00, 00, 00, 00, FF, FF, FF, FF, FF, FF, FF, FF, 00, 00, 00, 00, 80, 60, 40, 00, B8, F7, 42, 00, 00, 00, 00, 00, 28, 82, AA, 03, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
184 KB (188,416 bytes)

Remove ExeDownloader.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.