home

installplus500.exe

Downloader

Plus500 LTD

This is a setup program which is used to install the application. This is the uninstaller utility registered in the Windows Control Panel for the program Plus500. The file has been seen being downloaded from download.plus500.nl.
Publisher:
Plus500 LTD  (signed and verified)

Product:
Downloader

Version:
24, 24, 24, 24

MD5:
34743e8662d2bd2861d50401a608851e

SHA-1:
9b22b3c20e1b47b64740cbd5d5d00a3d5b710224

SHA-256:
b96bb3fca236bb42ab4d759cd9ba8f5efefaaf722b982c249ad69cb5cbfbc7ac

Scanner detections:
3 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/24/2024 1:15:44 PM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Adware.Downware.9669
9.0.1.05190

F-Secure
Gen:Variant.Adware.Mikey
11.2015-19-05_3

Trend Micro House Call
HV_ZYX_BK08273A.TOMC
7.2.139

File size:
375.5 KB (384,488 bytes)

Product version:
24, 24, 24, 24

Copyright:
Copyright 2008

Original file name:
Downloader.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\installplus500.exe

Digital Signature
Signed by:
Plus500 LTD

Authority:
Thawte, Inc.

Valid from:
4/20/2014 2:00:00 AM

Valid to:
7/10/2016 1:59:59 AM

Subject:
CN=Plus500 LTD, O=Plus500 LTD, L=Haifa, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
031183F8BA44C6DB1F7305BE0C6A6689

File PE Metadata
Compilation timestamp:
2/24/2014 1:25:52 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:tbr4/Uu59fyzp+V7uYQshpFT9Si2o0Yo+155US:F8/Uu59fMpQ7LQshpxxz0D+15L

Entry address:
0x30D7E

Entry point:
E8, 10, B5, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 28, 53, 56, FF, 75, 0C, 8D, 4D, F0, E8, 4B, F6, FF, FF, 8B, 75, 08, 33, DB, 3B, F3, 75, 28, E8, C5, 26, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, 10, DC, FF, FF, 83, C4, 14, 38, 5D, FC, 74, 07, 8B, 45, F8, 83, 60, 70, FD, D9, EE, EB, 61, 8B, 45, F0, 83, B8, AC, 00, 00, 00, 01, 7E, 14, 8D, 45, F0, 50, 0F, B6, 06, 6A, 08, 50, E8, C6, A8, 00, 00, 83, C4, 0C, EB, 10, 0F, B6, 0E, 8B, 80, C8, 00, 00, 00, 0F, B7, 04, 48, 83, E0, 08...
 
[+]

Code size:
287 KB (293,888 bytes)

Program Uninstaller
Program name:
Plus500

Uninstall string:
C:\Program Files\Plus500\Plus500.exe /uninstall


The file installplus500.exe has been seen being distributed by the following URL.

http://download.plus500.nl/DownloadService.svc/InstallNewDownloader?bid=0&hl=nl&refurl=https://.../

Scan installplus500.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.