» $rd0cptm.exe
Overview
Analysis
File Details

$rd0cptm.exe

JDownloader

AppWork GmbH

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application $rd0cptm.exe by AppWork GmbH has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer.

File name:

$rd0cptm.exe

Publisher:

AppWork GmbH (signed and verified)

Product:

JDownloader

Version:

0.9

MD5:

8d3353dad1dac40cee5afbd4b4fa6ab6

SHA-1:

776fb7e802ab4312d376ce6d35ca6df2eb98cdff

SHA-256:

cb36269814c0c9cb0cb6224b7b245b85f291eb3cad6b9f363c76ad7b08570387

Scanner detections:

1 / 68

Status:

Potentially unwanted

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

4/19/2024 7:12:07 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Bundler.installCore

15.3.7.8

File size:

25.6 MB (26,839,168 bytes)

Product version:

0.9

AppWork GmbH

Original file name:

JDownloaderSetup.exe

File type:

Executable application (Win64 EXE)

Bundler/Installer:

installCore

Language:

Language Neutral

Digital Signature

Signed by:

AppWork GmbH

Authority:

GlobalSign nv-sa

Valid from:

3/1/2011 3:00:48 PM

Valid to:

3/1/2014 3:00:41 PM

Subject:

E=e-mail@appwork.org, CN=AppWork GmbH, O=AppWork GmbH, L=Fürth, S=Bavaria, C=DE

Issuer:

CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:

0100000000012E71E7355C

File PE Metadata

Compilation timestamp:

6/21/2011 10:10:46 AM

OS version:

4.0

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

2.56

CTPH (ssdeep):

393216:SqB2kst0vf0MtqYpo4GMIWl4/kXV6HyYzA9G1nHwIPXi/qkT8eYCRJYLxM2uA8Ge:fkksivfzZFn2kXV6Hy8dncJYeT6GHM0D

Entry address:

0x11F8

Entry point:

4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 80, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

7.9937 (probably packed)

Code size:

179.5 KB (183,808 bytes)

Remove $rd0cptm.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.