home

installplus500.exe

Downloader

Plus500 LTD

This is a setup program which is used to install the application. This is the uninstaller utility registered in the Windows Control Panel for the program Plus500. The file has been seen being downloaded from download.plus500.bg.
Publisher:
Plus500 LTD  (signed and verified)

Product:
Downloader

Version:
24, 24, 24, 24

MD5:
3ee4ba8ff0aadd7bef1da49c486dcfd9

SHA-1:
7780a5fbd49be9c9da2b8d623a401f8d22ba5aaa

SHA-256:
20dc34a422290aa3378c3bf9fa5d66f6fe17e2f0217e1678f38bdd3ad198710d

Scanner detections:
3 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/28/2024 8:49:57 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Adware.Downware.9669
9.0.1.05190

F-Secure
Gen:Variant.Adware.Mikey
11.2015-19-08_4

Trend Micro House Call
HV_ZYX_BK08273A.TOMC
7.2.231

File size:
375.5 KB (384,488 bytes)

Product version:
24, 24, 24, 24

Copyright:
Copyright 2008

Original file name:
Downloader.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\My documents\downloads\installplus500.exe

Digital Signature
Signed by:
Plus500 LTD

Authority:
Thawte, Inc.

Valid from:
4/20/2014 3:00:00 AM

Valid to:
7/10/2016 2:59:59 AM

Subject:
CN=Plus500 LTD, O=Plus500 LTD, L=Haifa, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
031183F8BA44C6DB1F7305BE0C6A6689

File PE Metadata
Compilation timestamp:
2/24/2014 2:25:52 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:ybr4/Uu59fyzp+V7uYQshpFT9Si2o0Yo+155jB:C8/Uu59fMpQ7LQshpxxz0D+15v

Entry address:
0x30D7E

Entry point:
E8, 10, B5, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 28, 53, 56, FF, 75, 0C, 8D, 4D, F0, E8, 4B, F6, FF, FF, 8B, 75, 08, 33, DB, 3B, F3, 75, 28, E8, C5, 26, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, 10, DC, FF, FF, 83, C4, 14, 38, 5D, FC, 74, 07, 8B, 45, F8, 83, 60, 70, FD, D9, EE, EB, 61, 8B, 45, F0, 83, B8, AC, 00, 00, 00, 01, 7E, 14, 8D, 45, F0, 50, 0F, B6, 06, 6A, 08, 50, E8, C6, A8, 00, 00, 83, C4, 0C, EB, 10, 0F, B6, 0E, 8B, 80, C8, 00, 00, 00, 0F, B7, 04, 48, 83, E0, 08...
 
[+]

Code size:
287 KB (293,888 bytes)

Program Uninstaller
Program name:
Plus500

Uninstall string:
C:\Program Files\Plus500\Plus500.exe /uninstall


The file installplus500.exe has been seen being distributed by the following URL.

http://download.plus500.bg/.../InstallNewDownloader?bid=0&hl=bg&id=4711&tags=fb_sr Bulgaria-Website-RC-4711_cp LAL-WebsiteReg-90Days-Top10-Dktp_as bitcoin2-010515_mu

Scan installplus500.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.