jdownloader 2 setup.exe

Appwork GmbH

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application jdownloader 2 setup.exe by Appwork GmbH has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the installCore installer. The file has been seen being downloaded from indir.gezginler.net and multiple other hosts. While running, it connects to the Internet address installer.jdownloader.org on port 80 using the HTTP protocol.
Publisher:
Appwork GmbH  (signed and verified)

MD5:
e6d17971f0a6265a9efd7c57e6709bd0

SHA-1:
801fb099c67a2e7264a1675fc3359c63fe9287f7

SHA-256:
abad3a6610dae56190a29bab54952ce4920c81db9176155b08f656788ddc0099

Scanner detections:
2 / 68

Status:
Potentially unwanted

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
4/26/2024 1:43:25 AM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP.installCore.Installer (M) | 15.6.26.22
Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.4

File size:
291.1 KB (298,064 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Nullsoft Install System)

Language:
Swedish (Sweden)

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
1/28/2015 1:00:00 AM

Valid to:
1/29/2016 12:59:59 AM

Subject:
CN=Appwork GmbH, O=Appwork GmbH, L=Fürth, S=Bayern, C=DE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
4C87501159A97E0FA43CF04A705381FC

File PE Metadata
Compilation timestamp:
10/7/2014 6:40:23 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:b8dNXSEo7NBjYjWV58fGm3ZlaECSyFW9H71ke6QU/4OkVokku3yprswNR:QO1DBqGS0Whqd/cH4rsw3

Entry address:
0x30E2

Entry point:
81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 90, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, 1C, 71, 40, 00, 53, FF, 15, 8C, 72, 40, 00, 6A, 09, A3, 78, E4, 42, 00, E8, A8, 2D, 00, 00, A3, C4, E3, 42, 00, 53, 8D, 44, 24, 38, 68, 60, 01, 00, 00, 50, 53, 68, 00, 88, 42, 00, FF, 15, 64, 71, 40, 00, 68, 80, 91, 40, 00, 68, C0, DB, 42, 00, E8, 52, 2A, 00, 00, FF, 15, 20, 71, 40, 00, BD, 00, 40, 43, 00, 50, 55, E8, 40, 2A...

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file jdownloader 2 setup.exe has been seen being distributed by the following 50 URLs.


Latest 30 of 248 download URLs

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to installer.jdownloader.org  (85.131.130.148:80)
