java runtime environment setup.exe

WeDownload, Ltd

The application java runtime environment setup.exe by WeDownload has been detected as adware by 19 anti-malware scanners. The program is a setup application that uses the Midia Downloader installer. During installation, it bundles potentially unwanted software onto the user's computer without adequate consent. Users of this installer expect to download the free Oracle Java Runtime, but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
WeDownload, Ltd  (signed and verified)

MD5:
37ca68b2f054426e538d049cdd97297d

SHA-1:
427e2589372a35e213b6f87f3d6b80dec440bc7a

SHA-256:
3260dcf6f6af5431233114bb5af7729c84de405c07ff67a94935ab7f2159170e

Scanner detections:
19 / 68

Status:
Adware

Explanation:
Uses the InstallIQ (by InstallX) software bundler, which may include offers for toolbars and other browser extensions.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/27/2024 10:22:52 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.Soft32Downloader | 7.1.1 |
| avast! | Win32:Downloader-TOV [PUP] | 2014.9-140407 |
| AVG | Wedownload | 2015.0.3389 |
| Clam AntiVirus | Win.Adware.Outbrowse-2 | 0.98/19185 |
| Dr.Web | Adware.Downware.971 | 9.0.1.097 |
| ESET NOD32 | MSIL/Soft32Downloader (variant) | 8.9643 |
| Fortinet FortiGate | Riskware/InstallIQ | 8/7/2014 |
| G Data | Win32.Application.Soft32Downloader | 14.8.24 |
| K7 AntiVirus | Adware | 13.176.11663 |
| Kaspersky | not-a-virus:Downloader.Win32.Agent | 14.0.0.4053 |
| Malwarebytes | PUP.Optional.BundleInstaller.A | v2014.04.07.07 |
| McAfee | Artemis!B77FB64CB25D | 5600.7045 |
| NANO AntiVirus | Trojan.Win32.Generic.dbxkaf | 0.28.2.60881 |
| Qihoo 360 Security | Trojan.Generic | 1.0.0.1015 |
| Reason Heuristics | PUP.Installer.WeDownload.EE | 14.8.7.20 |
| Rising Antivirus | PE:Trojan.Win32.Generic.1630F8F3!372308211 | 23.00.65.14805 |
| Trend Micro House Call | TROJ_GE.BEFC4F30 | 7.2.97 |
| Vba32 AntiVirus | Downloader.Agent | 3.12.26.0 |
| VIPRE Antivirus | Trojan.Win32.Generic | 28104 |

File size:
591.8 KB (605,960 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Midia Downloader (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\java runtime environment setup.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
2/6/2013 1:00:00 AM

Valid to:
2/11/2016 1:00:00 PM

Subject:
CN="WeDownload, Ltd", O="WeDownload, Ltd", L=Nicosia, C=CY

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0320C5B8F7CE6E92D3665598826A4480

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:8wMDD4W5BoObMzs5d1Qlu8KM1Mhh+mysYm:8tgW5BoQ5bQcM1MhhXHYm

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
