fwdownloader_33v3r.exe

nloader Application

Nival, Inc.

This is a setup program which is used to install the application. The file has been seen being downloaded from play.zzima.com and multiple other hosts.
Publisher:
Nival  (signed by Nival, Inc.)

Product:
nloader Application

Version:
1, 0, 0, 291

MD5:
ae338c0ce20fffd4b8a0db45d1780e5a

SHA-1:
f384366226304fa62b48dd4096f32dbc2f07d0a1

SHA-256:
e715ca91898e4f16abd714a688838de194fae8fa3a8f84acd9ac6d583e6d9896

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 4:08:07 AM UTC

File size:
2.3 MB (2,420,048 bytes)

Product version:
1, 0, 0, 291

Copyright:
Copyright (C) Nival 2012

Original file name:
nloader.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\fwdownloader_33v3r.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
12/12/2011 5:00:00 AM

Valid to:
12/12/2013 4:59:59 AM

Subject:
CN="Nival, Inc.", O="Nival, Inc.", L=Los Angeles, S=California, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
1B881C15021886A6326611639B86C13A

File PE Metadata
Compilation timestamp:
4/10/2013 7:05:47 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:VZafDMvPTaondL7t1EbGvpzAJDBjX7nQ+rv8XsKoc5BOrPpSwW5UEkBKFpwA1EiJ:ZvBdASaPDDPvmzbMG5TMKFJv1SluGAga

Entry address:
0x1716AE

Entry point:
E8, F3, F3, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, A3, D8, 09, 5F, 00, A3, DC, 09, 5F, 00, A3, E0, 09, 5F, 00, A3, E4, 09, 5F, 00, 5D, C3, 8B, FF, 55, 8B, EC, 8B, 45, 08, 8B, 0D, 64, 69, 5E, 00, 56, 39, 50, 04, 74, 0F, 8B, F1, 6B, F6, 0C, 03, 75, 08, 83, C0, 0C, 3B, C6, 72, EC, 6B, C9, 0C, 03, 4D, 08, 5E, 3B, C1, 73, 05, 39, 50, 04, 74, 02, 33, C0, 5D, C3, FF, 35, E0, 09, 5F, 00, E8, 72, 7D, 00, 00, 59, C3, 6A, 20, 68, C0, A4, 5C, 00, E8, EE, 9C, 00, 00, 33, FF, 89, 7D, E4, 89, 7D, D8...
 

Code size:
1.7 MB (1,764,864 bytes)

The file fwdownloader_33v3r.exe has been seen being distributed by the following 2 URLs.

http://play.zzima.com/forsaken2/?ref=A2764&redirect=http://.../FWdownloader.exe
