home

installplus500.exe

Downloader

Plus500 LTD

This is a setup program which is used to install the application. This is the uninstaller utility registered in the Windows Control Panel for the program Plus500. The file has been seen being downloaded from download.plus500.be.
Publisher:
Plus500 LTD  (signed and verified)

Product:
Downloader

Version:
24, 24, 24, 24

MD5:
1a9f0e748d2d3e7b43d090e36f6316fe

SHA-1:
c19e01fca60b1e3fb6316395a676371f6a7e2b0e

SHA-256:
8721e3fae0fa14ea5e01b8013262a0c5ecb235b355d2ed8976800ff3a450d55d

Scanner detections:
4 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
5/9/2024 1:29:21 PM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Adware.Downware.9669
9.0.1.05190

F-Secure
Gen:Variant.Adware.Mikey
11.2015-04-12_6

Trend Micro House Call
HV_ZYX_BK08273A.TOMC
7.2.338

Zillya! Antivirus
Downloader.DownloadHelper.Win32.697
2.0.0.2543

File size:
375.7 KB (384,720 bytes)

Product version:
24, 24, 24, 24

Copyright:
Copyright 2008

Original file name:
Downloader.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\installplus500.exe

Digital Signature
Signed by:
Plus500 LTD

Authority:
thawte, Inc.

Valid from:
8/19/2015 2:00:00 AM

Valid to:
8/19/2017 1:59:59 AM

Subject:
CN=Plus500 LTD, OU=IT, O=Plus500 LTD, L=Haifa, S=Israel, C=IL

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
6DCCA904374D894E103F26336B24663B

File PE Metadata
Compilation timestamp:
2/24/2014 1:25:52 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:Zobr4/Uu59fyzp+V7uYQshpFT9Si2o0Yo+155DB:O8/Uu59fMpQ7LQshpxxz0D+15/

Entry address:
0x30D7E

Entry point:
E8, 10, B5, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 28, 53, 56, FF, 75, 0C, 8D, 4D, F0, E8, 4B, F6, FF, FF, 8B, 75, 08, 33, DB, 3B, F3, 75, 28, E8, C5, 26, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, 10, DC, FF, FF, 83, C4, 14, 38, 5D, FC, 74, 07, 8B, 45, F8, 83, 60, 70, FD, D9, EE, EB, 61, 8B, 45, F0, 83, B8, AC, 00, 00, 00, 01, 7E, 14, 8D, 45, F0, 50, 0F, B6, 06, 6A, 08, 50, E8, C6, A8, 00, 00, 83, C4, 0C, EB, 10, 0F, B6, 0E, 8B, 80, C8, 00, 00, 00, 0F, B7, 04, 48, 83, E0, 08...
 
[+]

Code size:
287 KB (293,888 bytes)

Program Uninstaller
Program name:
Plus500

Uninstall string:
C:\Program Files\Plus500\Plus500.exe /uninstall


The file installplus500.exe has been seen being distributed by the following URL.

http://download.plus500.be/DownloadService.svc/InstallNewDownloader?bid=0&hl=nl&id=86735&tags=g_sr BelgiumSearchDutchPartner_cp 18405981566_agi RiskTakers_agn geld verdienen_ks b_mt c_de g_nt Bonus-lk_ext UURL&refurl=https://.../&gclid=CN_o4KyRvMkCFSsKwwodZUQANg

Scan installplus500.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.