home

musique_malgache_wawa_2013_downloader.exe

YourFileDownloader Installer

Romir Production Inc

This is the Via Advertising bundle installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application musique_malgache_wawa_2013_downloader.exe by Romir Production Inc has been detected as a potentially unwanted program by 11 anti-malware scanners. The program is a setup application that uses the YourFile Downloader installer. The file has been seen being downloaded from dll513.down-loader.biz.
Publisher:
http://yourfile-downloader.com  (signed by Romir Production Inc)

Product:
YourFileDownloader Installer

Version:
1, 0, 299, 1

MD5:
875c24e8b8481ba9c29bb07aadec58ca

SHA-1:
5c399a17d8d8b30a758e2b7557020d87d83074d7

SHA-256:
1cdbf1b485af9aaa259e618f0719dabc79de9310496a00b0bb91c6dd31026535

Scanner detections:
11 / 68

Status:
Potentially unwanted

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
5/13/2024 6:07:31 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

Avira AntiVirus
APPL/Downloader.Gen4
7.11.205.14

AVG
Generic
2016.0.3218

ESET NOD32
Win32/ExpressDownloader.K potentially unwanted application
7.0.302.0

F-Prot
W32/A-42de288b
v6.4.7.1.166

IKARUS anti.virus
PUA.Expressdownloader
t3scan.1.8.6.0

K7 AntiVirus
Trojan
13.192.14746

Reason Heuristics
PUP.Installer.Via Advertising
15.1.25.11

Sophos
PUA 'Go For Files'
5.09

VIPRE Antivirus
Threat.4783941
36694

Zillya! Antivirus
Trojan.Black.Win32.22512
2.0.0.2045

File size:
3.6 MB (3,816,832 bytes)

Product version:
1.0.0.1

Copyright:
Copyright http://yourfile-downloader.com (C) 2014

Original file name:
YourFileDownloaderInstaller.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
YourFile Downloader

Language:
English (United States)

Common path:
C:\users\{user}\downloads\musique_malgache_wawa_2013_downloader.exe

Digital Signature
Signed by:
Romir Production Inc

Authority:
DigiCert Inc

Valid from:
11/27/2013 1:00:00 AM

Valid to:
12/1/2016 1:00:00 PM

Subject:
CN=Romir Production Inc, O=Romir Production Inc, L=Mahe, C=SC

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0E42162AE2595C541F88BCA20E8603DB

File PE Metadata
Compilation timestamp:
10/21/2014 6:10:34 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
98304:yTrT42KjorB5YYl9FehbH8Oii0jmFGCOjWviFJf3Ci:y3TDD8hj8cZGpjWkhT

Entry address:
0x6F5BD4

Entry point:
E8, 04, D7, FF, FF, B4, 68, 59, 4B, 3D, 46, FB, 94, 58, 2E, 5B, C0, 4D, E0, 70, 34, 04, 87, 42, 5E, 22, 5D, FB, 7C, EC, EF, B8, EB, CF, F3, D6, AA, 96, 01, 87, 10, 98, 24, 25, ED, 9F, CE, 89, 80, 95, B1, 04, D5, BC, CB, 8D, 81, F5, 4E, 97, 48, 0C, 3F, 5C, A8, D0, A7, 41, 52, 89, 55, A8, A3, 4C, 0A, 4E, 98, 00, 8F, 62, EE, D3, 35, 1C, DA, 5A, EB, B1, 0F, 94, 24, B0, E8, B7, 92, A7, E2, B7, 98, D5, C3, 61, 32, 42, 98, B2, D5, FC, C5, 0C, 1B, 3B, B7, 41, FF, C3, DE, 18, 1D, 2D, C0, E7, BF, C9, 41, 90, 59, D4...
 
[+]

Code size:
774.5 KB (793,088 bytes)

The file musique_malgache_wawa_2013_downloader.exe has been seen being distributed by the following URL.

http://dll513.down-loader.biz/j5GIQnHZuE5j64BeZt wIGbZihBzt7gUJPTsfDy8km4v NRkG jQaBHlyyxfupgHE 3FVwDUyE1GhY8bVI1zLFeIOERkhHsaIJJkHBWMaPMrwSGhMWxw6D05LKkubFLMNmNW419kQf4HcF7xD2wfwAFxE9MWU2bIGVFT2whRfPUsCjfS41wW2OpdLtTVVj7 vhoho EfMLurfGvhqHlZ/ax V/mQY1j90zUyt8srGd7IOkWE1wRKjoFXRdzbWrLEjVjklfoUucOjTbyc/huiMOgJ9DqRyL9nsbn4YfzrwGfjvYNnkP/NboXg8naOpYMFnP3bQ8 RiBzHlJtbx8HnWJvV AQ61vgIY4aoW2yKtXQ4juQhK/Pteibw6XYq/.../vU

Remove musique_malgache_wawa_2013_downloader.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.