» startdownload.exe
Overview
Analysis
File Details

startdownload.exe

JInstall

Jelbrus LLC

The application startdownload.exe by Jelbrus has been detected as adware by 25 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.

File name:

startdownload.exe

Publisher:

Jelbrus LLC (signed and verified)

Product:

JInstall

Description:

Jelbrus Install

Version:

1,2,0,1

MD5:

c7d5eb21d0ff0d50793911daf14e9434

SHA-1:

5d1a33b05c28c85928eb000a389fe5eee081b7f9

SHA-256:

098d38ffa38a15a30205daba65f4feb20cf1ca04682cec994ac35fbb2d395063

Scanner detections:

25 / 68

Status:

Adware

Analysis date:

4/16/2024 3:12:19 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Application.Bundler.JelBrus.1

486

Agnitum Outpost

Trojan.Yakes

7.1.1

AhnLab V3 Security

PUP/Win32.JelBrus

2015.06.12

Avira AntiVirus

ADWARE/Techsnab.9058

8.3.1.6

avast!

Win32:Malware-gen

2014.9-151006

AVG

Jelbrus

2016.0.2964

Bitdefender

Gen:Variant.Application.Bundler.JelBrus.1

1.0.20.1395

Bkav FE

W32.HfsAdware

1.3.0.6379

Dr.Web

Adware.Privitize.64

9.0.1.0279

Emsisoft Anti-Malware

Gen:Variant.Application.Bundler.JelBrus

8.15.10.06.01

ESET NOD32

Win32/Techsnab.G potentially unwanted application

9.7.0.302.0

F-Prot

W32/S-c20feb6e

v6.4.7.1.166

F-Secure

Riskware.Gen:Variant.Application.Bundler

11.2015-06-10_3

G Data

Gen:Variant.Application.Bundler.JelBrus

15.10.25

K7 AntiVirus

Unwanted-Program

13.205.16221

Kaspersky

Trojan.Win32.Yakes

14.0.0.1317

Malwarebytes

PUP.Optional.Jelbrus.A

v2015.10.06.01

MicroWorld eScan

Gen:Variant.Application.Bundler.JelBrus.1

16.0.0.837

NANO AntiVirus

Trojan.Win32.Yakes.dsplyi

0.30.24.2086

Norman

Gen:Variant.Application.Bundler.JelBrus.1

11.20151006

Panda Antivirus

Trj/Genetic.gen

15.10.06.01

Reason Heuristics

PUP.Techsnab.Jelbrus.Installer (M)

15.10.6.13

Rising Antivirus

PE:Malware.Techsnab!6.2578

23.00.65.151004

VIPRE Antivirus

Threat.5079017

40828

Zillya! Antivirus

Trojan.Yakes.Win32.34183

2.0.0.2219

File size:

209.5 KB (214,568 bytes)

Product version:

1,2,0,1

Original file name:

JSoft.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\startdownload.exe

Digital Signature

Signed by:

Jelbrus LLC

Authority:

Thawte, Inc.

Valid from:

10/8/2014 9:00:00 PM

Valid to:

10/8/2016 8:59:59 PM

Subject:

CN=Jelbrus LLC, O=Jelbrus LLC, L=Moscow, S=Moscow, C=RU

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

7EFEBD32727C3DC5744B9CB679179D43

File PE Metadata

Compilation timestamp:

6/3/2015 12:45:12 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

3072:+PBg2axzV8kXvIKrawu4+WIT0TAV5Sjyfl+WVoXcJaQOMpAQdUmzjHPC:Ea1dvIKtYV5rKuEMHzjHPC

Entry address:

0x10C6A

Entry point:

E8, 3D, 78, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, C0, 85, 42, 00, E8, A0, 48, 00, 00, E8, 0E, 7A, 00, 00, 0F, B7, F0, 6A, 02, E8, D0, 77, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 47, 44, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Code size:

129.5 KB (132,608 bytes)

Remove startdownload.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.