freedailymotiondownloader_3.0.0.exe

FreeDailymotionDownloader

Anton Panin

The application freedailymotiondownloader_3.0.0.exe, “FreeDailymotionDownloader Setup” by Anton Panin, has been detected as adware by 8 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The installer uses the InstallMonetizer platform, which will download and install adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from files.downloadnow.com and multiple other hosts.
Publisher:
SneakyStreams.com   (signed by Anton Panin)

Product:
FreeDailymotionDownloader

Description:
FreeDailymotionDownloader Setup

MD5:
9b2363471c4c57de64187d1eeabc9335

SHA-1:
3cbc7950ebcf639134a3ab5ef4a35344e2565047

SHA-256:
c53dd58976e5a13131fa92601a21a283b6a443b52227964d1a28ae34dd784556

Scanner detections:
8 / 68

Status:
Adware

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
4/24/2024 1:36:42 AM UTC

Scan engine          Detection                          Engine version
AVG                  Generic                            2016.0.3172
Kaspersky            not-a-virus:Downloader.Win32.Agent 14.0.0.2357
Malwarebytes         PUP.Optional.InstallMonetizer.A    v2015.03.12.01
McAfee               Artemis!9B2363471C4C               5600.6828
Qihoo 360 Security   Win32/Virus.Downloader.539         1.0.0.1015
Reason Heuristics    PUP.Installer.AntonPanin           15.3.12.13
Vba32 AntiVirus      Downloader.Agent                   3.12.26.3
Zillya! Antivirus    Downloader.Agent.Win32.202183      2.0.0.1988

File size:
486 KB (497,640 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\freedailymotiondownloader_3.0.0.exe

Digital Signature
Signed by:

Authority:
StartCom Ltd.

Valid from:
1/11/2014 4:21:54 PM

Valid to:
1/12/2016 5:03:57 PM

Subject:
E=veles83@gmail.com, CN=Anton Panin, L=Kstovo, S=Nizhny Novgorod Oblast, C=RU, Description=W7iWE9WUDMEwQToS

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
0C66

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:9nvpVksqL8+iD45g3Dgks+0ubMcr0WqD6lN:9nvLXK865mgobv0W5X

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Entropy:
7.6244

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file freedailymotiondownloader_3.0.0.exe has been seen being distributed by the following 2 URLs.

temp:FreeDailymotionDownloader_3.0.0.exe
