home

mein-hpl-2010-downloader.exe

OCSClient

www.download-sponsor.de

The application mein-hpl-2010-downloader.exe has been detected as a potentially unwanted program by 8 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from www.freeware.de.download-sponsor.de.
Publisher:
www.download-sponsor.de

Product:
OCSClient

Version:
1.00

MD5:
1f888e2c0ab857dbb920043b09abd44c

SHA-1:
9f7b2c0de80c60aa4a7ee57ddabd4fd50195a932

SHA-256:
2169da5aa1804752c256d69fd90e24ea38e0d2c2ba70626d0cfe815f64c6602b

Scanner detections:
8 / 68

Status:
Potentially unwanted

Analysis date:
4/24/2024 12:55:49 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

Avira AntiVirus
APPL/Downloader.Gen
7.11.138.220

Dr.Web
Adware.Downware.2252
9.0.1.085

ESET NOD32
Win32/DownloadSponsor (variant)
8.9594

G Data
Win32.Application.DownloadSponsor
14.3.24

Trend Micro House Call
HV_ZYX_CA22677F.TOMC
7.2.85

Vba32 AntiVirus
Downware.VB.AndreClient
3.12.24.3

VIPRE Antivirus
DownloadSponsor
27744

File size:
500 KB (512,000 bytes)

Product version:
1.00

Copyright:
Copyright @ www.download-sponsor.de

Original file name:
ocsclient.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\mein-hpl-2010-downloader.exe

File PE Metadata
Compilation timestamp:
6/1/2012 4:44:19 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:/K/e3+fC0JkM8tPHjyN/Cs+zZjT4YkW2KanSDBfMysVufBn597NX2:/D+f9JkptPDIgwWo7ysgfBnnl2

Entry address:
0x1480

Entry point:
68, 8C, 48, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 17, 5D, 5D, 7C, BD, 4A, 4D, 4F, 95, 80, 4C, 02, 9C, 38, 5B, 25, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 2D, 43, 30, 30, 30, 2D, 4F, 43, 53, 43, 6C, 69, 65, 6E, 74, 00, 34, 36, 7D, 23, 32, 2E, 00, 00, 00, 00, FF, CC, 31, 00, 01, CB, 27, 30, 52, CC, D5, 70, 40, 90, CE, A9, 84, C1, C0, 1B, F5, D4, 5A, D4, AC, 9F, 94, AF, 4F, A5, 7F, 4E, 75, C8, E6, 2B, 8A, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 
[+]

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
32 KB (32,768 bytes)

The file mein-hpl-2010-downloader.exe has been seen being distributed by the following URL.

http://www.freeware.de.download-sponsor.de/?cid=h367240&lastchange=1327506831

Remove mein-hpl-2010-downloader.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.