loader.exe

IP Labs GmbH

This is a setup program which is used to install the application. The file has been seen being downloaded from mail-attachment.googleusercontent.com and multiple other hosts.
Publisher:
IP Labs GmbH  (signed and verified)

Version:
4.5.0.1

MD5:
43f878176dae7fd12be3c0f793e49f45

SHA-1:
49fd09572a33fb8e25c756bb53744449fe905428

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
4/24/2024 6:55:44 AM UTC  (today)

Scan engine:
Emsisoft Anti-Malware

Detection:
Trojan.GenericKD.1604010

Engine version:
8.14.04.06.07

File size:
643.2 KB (658,592 bytes)

Product version:
4.5

Copyright:
Copyright (C) 2012 by IP Labs GmbH

File type:
Executable application (Win32 EXE)

Language:
German (Germany)

Common path:
C:\Program Files\fujifilm\myfinepix studio\loader.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
5/17/2012 8:00:00 PM

Valid to:
6/17/2014 7:59:59 PM

Subject:
CN=IP Labs GmbH, OU=APPLICATION DEVELOPMENT, O=IP Labs GmbH, L=Bonn, S=Nordrhein-Westfalen, C=DE

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
152763E58C65752FD336C94C3BABCF16

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:Qpk23IU+QdfhjIWDZWy6duCEXAQy3tav4N/zGsd3lsgSNc4u1y:QpHYU+cVIWDZq4Cwstav49n911y

Entry address:
0x82D10

Entry point:
55, 8B, EC, 83, C4, F0, 53, 56, 57, B8, C0, 17, 48, 00, E8, 85, 41, F8, FF, 33, C0, 55, 68, 40, 2D, 48, 00, 64, FF, 30, 64, 89, 20, E8, 62, D4, FF, FF, 33, C0, 5A, 59, 59, 64, 89, 10, EB, 15, E9, 27, 12, F8, FF, A1, 08, 53, 48, 00, C7, 00, 03, 00, 00, 00, E8, EB, 16, F8, FF, 5F, 5E, 5B, E8, 6B, 1B, F8, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
519 KB (531,456 bytes)

The file loader.exe has been discovered within the following program.

Publisher's description - “The MyFinePix Studio is the image viewing software bundled with all FUJIFILM digital cameras. You can easily manage, view and print many images, and enjoy uploading images and movies to social networking services.”
www.fujifilm.com
19% remove it
 

The file loader.exe has been seen being distributed by the following 4 URLs.
