netdownloader.exe

Files Info

The application netdownloader.exe by Files Info has been detected as a potentially unwanted program by 27 anti-malware scanners. It is a setup and installation application that has been known to bundle potentially unwanted software, which it installs on your PC at the same time as the software you are trying to install, without adequate consent. The file has been observed being downloaded from www.iainstalls.com and multiple other hosts.
Publisher:
Ultra Pronto Installer  (signed by Files Info)

Product:
Ultra Pronto Installer

Version:
57.6.5.4365

MD5:
ada1db3b280f696332c0448f69df0664

SHA-1:
de7cf924f1bb7ad8a00efde1ab176508e8629dd8

SHA-256:
a8d465ad218d66d2dd70b52baf19c3c1d6830f4b542bcda5b18b8f8915ddc3bd

Scanner detections:
27 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Analysis date:
5/4/2024 12:50:26 AM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Bundler.DownloadAdmin.2
484

Agnitum Outpost
Riskware.Agent
7.1.1

AhnLab V3 Security
PUP/Win32.DownloadAdmin
2015.10.09

AVG
Generic
2016.0.2962

Bitdefender
Gen:Variant.Application.Bundler.DownloadAdmin.2
1.0.20.1410

Clam AntiVirus
Win.Trojan.Mikey-294
0.98/21511

Dr.Web
Trojan.Vittalia.517
9.0.1.0282

Emsisoft Anti-Malware
Gen:Variant.Mikey.24579
8.15.10.14.03

ESET NOD32
Win32/DownloadAdmin.N potentially unwanted (variant)
9.12379

Fortinet FortiGate
Riskware/DownloadAdmin
10/9/2015

F-Prot
W32/DownloAdmin.B.gen
v6.4.7.1.166

F-Secure
Gen:Variant.Application.Bundler
11.2015-09-10_6

G Data
Gen:Variant.Application.Bundler.DownloadAdmin
15.10.25

IKARUS anti.virus
PUA.DownloadAdmin
t3scan.1.9.5.0

K7 AntiVirus
Adware
13.210.17474

Kaspersky
not-a-virus:Downloader.Win32.DownloAdmin
14.0.0.1279

Malwarebytes
PUP.Optional.DownLoadAdmin
v2015.10.09.09

McAfee
Artemis!ADA1DB3B280F
5600.6618

MicroWorld eScan
Gen:Variant.Application.Bundler.DownloadAdmin.2
16.0.0.846

NANO AntiVirus
Trojan.Win32.DownloAdmin.dxgjmo
0.30.26.3947

Panda Antivirus
Generic Suspicious
15.10.09.09

Reason Heuristics
Threat.Win.Reputation.IMP
15.10.13.23

Sophos
Generic PUA NO (PUA)
4.98

Vba32 AntiVirus
SScope.Downware.DownloadAdmin
3.12.26.4

VIPRE Antivirus
Trojan.Win32.Generic
44394

ViRobot
Adware.Downloadadmin.774264.C[h]
2014.3.20.0

Zillya! Antivirus
Downloader.DownloAdmin.Win32.1743
2.0.0.2435

File size:
756.1 KB (774,264 bytes)

Product version:
57.6.5.4365

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\netdownloader.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
9/10/2015 9:39:43 PM

Valid to:
9/10/2016 9:39:43 PM

Subject:
CN=Files Info, O=Files Info, L=San Francisco, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00FE7DA97A3F1D31E8

File PE Metadata
Compilation timestamp:
9/22/2014 1:06:12 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:olk3cbfk9/kV837nzAtGiyKQci1wr/oEFLxCLgaT74KEaymNmVQScYpA3eoVX3Uo:7cbk9cVjGitQcSQ/ofBMQyEHSE3l3Uo

Entry address:
0x1EFA00

Entry point:
60, BE, 00, 60, 53, 00, 8D, BE, 00, B0, EC, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 

Entropy:
7.9231

Packer / compiler:
UPX 2.90LZMA

Code size:
744 KB (761,856 bytes)

The file netdownloader.exe has been seen being distributed by the following 2 URLs.
