JDownloader 2.exe

JDownloader

AppWork GmbH

The application JDownloader 2.exe, “JDownloader 2 Launcher” by AppWork GmbH has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from s8541.chomikuj.pl.

Publisher:
AppWork GmbH  (signed and verified)

Product:
JDownloader

Description:
JDownloader 2 Launcher

Version:
2.0.0.0

MD5:
14534d97bb7224b0cedec7918c7c960e

SHA-1:
99d26ed36765af9aa381c10c58d904f216ad2c85

SHA-256:
071e0955a9a6b01657e3db0b558c636cacc617c1a9b3340c9dc67459bd8773a8

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/25/2024 5:15:23 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.AppWorkGmbH.N

Engine version:
14.7.28.0

File size:
335.1 KB (343,168 bytes)

Product version:
2

Copyright:
Copyright AppWork GmbH

Original file name:
JDownloader 2.exe

File type:
Executable application (Win64 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\jdownloader 2\jdownloader 2.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
3/1/2011 3:00:48 PM

Valid to:
3/1/2014 3:00:41 PM

Subject:
E=e-mail@appwork.org, CN=AppWork GmbH, O=AppWork GmbH, L=Fürth, S=Bavaria, C=DE

Issuer:
CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:
0100000000012E71E7355C

File PE Metadata
Compilation timestamp:
1/13/2012 11:15:15 AM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
6144:J2EIw+M9wJdD1G40ztaNP0g4c6He3wT66vlmmAmWyvy7dQL8vOxTi2quLby4i2W:Qnw+YwD040EB03sdWVSm11W

Entry address:
0x11D8

Entry point:
4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 80, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00...
 

Code size:
130.5 KB (133,632 bytes)

The file JDownloader 2.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to cdn4.appwork.org  (176.9.34.43:80)

TCP (HTTP):
Connects to api.jdownloader.org  (188.40.57.212:80)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-tpe1.facebook.com  (31.13.87.36:443)

TCP (HTTP SSL):

TCP (HTTP):
Connects to zippyshare.com  (37.187.134.184:80)

TCP (HTTP):
Connects to update3.jdownloader.org  (78.46.69.237:80)

TCP (HTTP):
Connects to ns6560341.ip-178-33-63.eu  (178.33.63.89:80)

TCP (HTTP):
Connects to cdn8.appwork.org  (85.131.130.147:80)
