SHDownloader.exe

SpyHunter Downloader

Enigma Software Group USA, LLC

Publisher:
Enigma Software Group USA, LLC. (signed by Enigma Software Group USA, LLC)

Product:
SpyHunter Downloader

Version:
2.2.0.120

MD5:
29702c25639b549ac5221e546545d56b

SHA-1:
f36cf6ddcf5fe11ae9736e0747476b677d56b3ff

SHA-256:
e340969459ec273c10adfbfa0bb329020bcdbf2aedc54086af64c80147f4226f

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/16/2017 5:54:44 PM UTC

Scan engine    Detection               Engine version
Dr.Web         Trojan.Siggen5.45084    9.0.1.0240

File size:
711.9 KB (728,960 bytes)

Product version:
2.2.0.120

Copyright:
Copyright 2003-2012. Enigma Software Group USA, LLC. All rights reserved.

Original file name:
SHDownloader.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\shdownloader.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/1/2011 4:00:00 PM

Valid to:
4/24/2014 4:59:59 PM

Subject:
CN="Enigma Software Group USA, LLC", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Enigma Software Group USA, LLC", L=Clearwater, S=Florida, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
26DAAF2D653ACC1AF0E87C4A556CABFE

File PE Metadata
Compilation timestamp:
8/15/2013 7:04:44 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:vwZIc0d3SHcBFpaRs/2sOuclU/epJwGcjnCvT:YZIc0d3S83IO/pjqdp6vyT

Entry address:
0x2D171

Entry point:
E8, 1A, A4, 00, 00, E9, 79, FE, FF, FF, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41, FE, 8B...

Entropy:
7.1167

Code size:
293.5 KB (300,544 bytes)
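The PE metadata above (bitness, compilation timestamp, linker and OS version, subsystem, entry address, code size, entropy) is read directly from the headers of the executable. The following stand-alone Python script is an added example, not code from this report or from Enigma Software: it parses those fields from a PE32 or PE32+ image using only the standard library, computes the MD5, SHA-1 and SHA-256 hashes and the Shannon entropy, and dumps the first bytes at the entry point in the same form as the "Entry point" field. Because SHDownloader.exe itself is not on this page, `build_sample_pe()` constructs a minimal PE32 whose header values and first 16 entry-point bytes are taken from the report; its section layout, hashes and entropy are those of the constructed sample, not of the real file.

```python
"""Stand-alone PE metadata reader (added example, stdlib only)."""
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone

MACHINE_NAMES = {0x014C: "Win32", 0x8664: "Win64", 0x01C4: "ARM Thumb-2", 0xAA64: "ARM64"}
SUBSYSTEM_NAMES = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte in [0, 8]; packed or encrypted payloads sit close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def rva_to_file_offset(rva: int, sections: list) -> int:
    """Map a relative virtual address to a file offset using the section table."""
    for _, vsize, vaddr, raw_size, raw_ptr in sections:
        if vaddr <= rva < vaddr + max(vsize, raw_size):
            return rva - vaddr + raw_ptr
    raise ValueError(f"RVA 0x{rva:X} is not backed by any section")


def parse_pe(data: bytes, entry_bytes: int = 16) -> dict:
    """Parse a PE32 or PE32+ image held in memory and return the report's fields."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER, 20 bytes
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                          # IMAGE_OPTIONAL_HEADER
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError(f"unknown optional header magic 0x{magic:X}")
    linker_major, linker_minor = struct.unpack_from("<BB", data, opt + 2)
    (size_of_code,) = struct.unpack_from("<I", data, opt + 4)
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)
    # ImageBase is 4 bytes in PE32 and 8 in PE32+, but the fields from offset 32
    # onward (alignments, OS version, subsystem) sit at the same offsets in both.
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    sections = []                            # (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData)
    table = opt + opt_size
    for i in range(nsections):
        name, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, vaddr, raw_size, raw_ptr))
    entry_off = rva_to_file_offset(entry_rva, sections)
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "bitness": MACHINE_NAMES.get(machine, f"machine 0x{machine:04X}"),
        "pe_format": "PE32+" if magic == 0x20B else "PE32",
        "compiled_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc).isoformat(),
        "linker_version": f"{linker_major}.{linker_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, f"subsystem {subsystem}"),
        "entry_address": f"0x{entry_rva:X}",
        "code_size": size_of_code,
        "entropy": round(shannon_entropy(data), 4),
        "entry_bytes": " ".join(f"{b:02X}" for b in data[entry_off:entry_off + entry_bytes]),
        "sections": [s[0] for s in sections],
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 with one .text section; NOT the real SHDownloader.exe.
    Header values mirror the report (Win32, linker 9.0, OS version 5.0, Windows GUI,
    timestamp 2013-08-15 07:04:44 UTC, the report's first 16 entry-point bytes)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))                       # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x014C, 1, 1376550284, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 9, 0, 0x200)             # magic, linker 9.0, SizeOfCode
    struct.pack_into("<IIII", opt, 16, 0x1000, 0x1000, 0x2000, 0x400000)  # entry RVA, bases, ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)                   # section / file alignment
    struct.pack_into("<HHHHHH", opt, 40, 5, 0, 0, 0, 5, 0)            # OS 5.0, image 0.0, subsystem 5.0
    struct.pack_into("<II", opt, 56, 0x2000, 0x200)                   # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)                                # Windows GUI
    struct.pack_into("<I", opt, 92, 16)                               # NumberOfRvaAndSizes
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section
    headers += b"\0" * (0x200 - len(headers))
    entry = bytes.fromhex("E81AA40000E979FEFFFFCCCCCCCCCC8B")          # from the report's "Entry point"
    text = entry + (bytes(range(256)) * 2)[: 0x200 - len(entry)]      # filler with spread-out byte values
    return headers + text


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, value in parse_pe(blob).items():
        print(f"{key:>15}: {value}")
```

Saved as, for example, `pe_meta.py`, the script analyses a real file when given a path (`python pe_meta.py SHDownloader.exe`) and the constructed sample otherwise. The CTPH (ssdeep) hash in the report needs the ssdeep library and is not computed here; the compile timestamp is taken at face value, and it is a 32-bit field the linker writes, so it can be zeroed or forged.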

The file SHDownloader.exe has been discovered within the following programs.

360Amigo is a registry optimizer. 360Amigo System Speedup bundles a branded version of the Conduit Toolbar, designed to deliver search-based advertising and results. In some cases the installer presents the user with the option to install the toolbar (on by default).
www.360amigo.com
53% remove it

SpyHunter 4 by Enigma Software Group
www.enigmasoftware.com
43% remove it

www.Toolwiz.com
About 5% of users remove it

Powered by Should I Remove It?

The file SHDownloader.exe has been seen distributed from 1,736 URLs; the latest 30 are listed below.

http://testcamp2.enigma.revenuewire.net/.../download?safesearch

http://tuttotutorial.it/.../omiga-plus-rimozione

http://pcremoval.enigma.revenuewire.net/.../download?clearthinkvirus

http://www.prouninstaller.com/remove-spyware-download.php

http://www.removeonline.com/download.php?m=scanner

http://adaware7.enigma.revenuewire.net/.../download

http://bingads101.enigma.revenuewire.net/.../download?tuvaro_0033_1107

http://perseo.enigma.revenuewire.net/spyhunter2/.../?248144965

http://blog.teesupport.com/.../spyhunter.php

http://assus.enigma.revenuewire.net/.../download?edepix9a_67_6576185

http://fbmtrack.com/.../go.php?c=52&l=66&subid=213613289

http://testbr.enigma.revenuewire.net/.../download?lasaorenvirus

http://perseo.enigma.revenuewire.net/spyhunter2/.../?915044

http://tuvaro.enigma.revenuewire.net/.../download?tuvaro

http://fbmtrack.com/.../go.php?c=47&l=45&subid=215067255

http://perseo.enigma.revenuewire.net/spyhunter2/.../?238449378

http://www.justcomputertech.com/download.php

http://trialscan.enigma.revenuewire.net/.../download?srtpcoptpro

http://fbmtrack.com/.../go.php?c=47&l=45&subid=22092596

http://pchelpuk.enigma.revenuewire.net/.../download?istartsurfvirus

http://update12.com/download.php?subid=flawbng&k=bfec363dfa63dfd921f75381d860d8e7

http://binghjk.enigma.revenuewire.net/.../download?mobogenie_0336_1708

http://fbmsunins.enigma.revenuewire.net/.../download?u2ff9q5h_76_6245578

http://removeviru.enigma.revenuewire.net/spyhunter2/.../?Desinstaller v9

http://scarybear.enigma.revenuewire.net/.../download?astromd

http://simpleremoval.com/conduit/.../spyhunter.php

http://greenoffer.enigma.revenuewire.net/.../download?x8sa2427_8_65659

http://windowstechies.com/go/.../?tid=2YSZD

http://losvirus.es/.../hunter.exe

http://perseo.enigma.revenuewire.net/spyhunter2/.../?212490038

Latest 30 of 1,736 download URLs

When executed in live environments, the file has been observed making the following network connections. All four hosts are Amazon CloudFront edge nodes, and all are contacted over plain HTTP on port 80.

TCP (HTTP):
Connects to server-54-239-158-150.cdg51.r.cloudfront.net  (54.239.158.150:80)

TCP (HTTP):
Connects to server-54-230-94-167.fra2.r.cloudfront.net  (54.230.94.167:80)

TCP (HTTP):
Connects to server-54-230-199-175.lhr50.r.cloudfront.net  (54.230.199.175:80)

TCP (HTTP):
Connects to server-54-230-127-180.nrt52.r.cloudfront.net  (54.230.127.180:80)

Powered by Reason Core Security