grooveshark-music-downloader-1-0-es-en-br-fr-de-it-win.exe

DownloadGuide

The application grooveshark-music-downloader-1-0-es-en-br-fr-de-it-win.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from dw.uptodown.com.
Product:
DownloadGuide

Version:
2.5.0.80

MD5:
f28cfaa5a3d3d2a5a1b0ca9968d9becd

SHA-1:
f09b5311c866606ae8dde0fc43be62192f3f1afe

SHA-256:
b02192b4b77c80ff4bbf8daa1789118609ce49e90bad69bb1c079167e27470e3

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
7/4/2025 7:42:48 AM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP.Covus.Bundler.Meta (M) | 16.2.16.20

File size:
707.2 KB (724,193 bytes)

Product version:
2.5.0.80

Copyright:
Copyright © 2013

Original file name:
DownloadGuide.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\grooveshark-music-downloader-1-0-es-en-br-fr-de-it-win.exe

File PE Metadata
Compilation timestamp:
9/16/2013 6:16:54 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:VzjcP4hjzgKWS+5a9p1rC71RqOBixELAXjd9ELMu78X:Vy4BMDl5Ap1rC7aWLAb+MugX

Entry address:
0x89A9E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.5079

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
543 KB (556,032 bytes)

The file grooveshark-music-downloader-1-0-es-en-br-fr-de-it-win.exe has been seen being distributed by the following URL.

http://dw.uptodown.com/dwn/Zp6TULRcL2nDT9ComWreKPszvyWXq5_9R-pT1y_jL1S76iz60yHWw1WUCmS4YSlz6f5-8uD-lAHPKfBa_AYGLMhWcOgpCGz06xIklIVTfpIN9JeOtSzpQsqrNu12qaJa/edt5IOSKdi64qVzp5bp0MNts1EC7G6LEeZrq6Nxf0p7qynYpKJ9pXWGKvj_4bMUcbxDwSZerUVgZsI4Bf5K_HKFPxgPtEzlx8BXEudQRZeQa8OtcGQv7O99f_weaMe2C/bqlasBnvrDeVg9gDngUeZaCJNJ2ESHwuf8906OLZrNuGvVzv_y9pWbrz8yyCo1ANYrqsExXgOfwPlM_GwY2MvGuEGf281ugoxVj02ndqIyxKrxf_lKcKZcyxkPjrlRXu/.../

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to s3-1-w.amazonaws.com  (54.231.81.64:80)

TCP (HTTP):
Connects to server-54-230-81-228.mia50.r.cloudfront.net  (54.230.81.228:80)