downloader.exe

The executable downloader.exe has been detected as malware by 19 anti-virus scanners. According to AVG, this software downloads additional adware offers during setup.
MD5: 22677ae24ea55052e7485a3cf2f56d7a
SHA-1: f13dc2d569b6eece416e9e2e9b60371583a9b61b
SHA-256: 2e8d793f54a558e164c5af484c6699c74be4b56ab980aec52335d4c3e2815b22
Scanner detections: 19 / 68
Status: Malware
Analysis date: 4/30/2024 1:18:49 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | Win-Trojan/Downloader.16384.PH | 5.0. |
| Avira AntiVirus | TR/Dldr.Tiny.C | 7.10.5.241 |
| Emsisoft A-Squared | Trojan.Win32.Small!IK | 4.5.0.50 |
| avast! | Win32:Trojan-gen | 2014.9-170305 |
| AVG | Downloader.Small | 2018.0.2449 |
| Bitdefender | Trojan.Generic.2605393 | 1.0.20.320 |
| Comodo Security | UnclassifiedMalware | 4394 |
| ESET NOD32 | Win32/Small (variant) | 11.4978 |
| Fortinet FortiGate | W32/Scribble.B | 3/5/2017 |
| F-Secure | Trojan.Generic.2605393 | 11.2017-05-03_1 |
| G Data | Trojan.Generic.2605393 | 17.3.19 |
| IKARUS anti.virus | Trojan.Win32.Small | t3scan.1.1.80.0 |
| Kaspersky | Trojan.Win32.Small | 14.0.0.-1262 |
| McAfee | Generic.dx!gxd | 5600.6105 |
| Microsoft Security Essentials | Trojan:Win32/Danglo | 1.163.1557.0 |
| Norman | Smalltroj.UHQC | 11.20170305 |
| Prevx | High Risk Cloaked Malware | 3.0 |
| Quick Heal | Trojan.Agent.ATV | 3.17.10.00 |
| Vba32 AntiVirus | Trojan.Win32.Small.abcd | 3.12.12.2 |

File size: 16 KB (16,384 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\appdata\local\temp\{random}.tmp\downloader.exe

File PE Metadata
Compilation timestamp: 7/29/2009 8:41:00 AM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 6.0
Entry address: 0x19C6
Entry point: 55, 8B, EC, 6A, FF, 68, 80, 20, 40, 00, 68, 00, 1B, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 20, 53, 56, 57, 89, 65, E8, 83, 65, FC, 00, 6A, 01, FF, 15, 58, 20, 40, 00, 59, 83, 0D, B0, 33, 40, 00, FF, 83, 0D, B4, 33, 40, 00, FF, FF, 15, 54, 20, 40, 00, 8B, 0D, AC, 33, 40, 00, 89, 08, FF, 15, 50, 20, 40, 00, 8B, 0D, A8, 33, 40, 00, 89, 08, A1, 4C, 20, 40, 00, 8B, 00, A3, B8, 33, 40, 00, E8, C3, 00, 00, 00, 83, 3D, 70, 33, 40, 00, 00, 75, 0C, 68, F4, 1A, 40, 00, FF, 15, 48, 20...
 
Entropy: 2.3055
Developed / compiled with: Microsoft Visual C++ v6.0
Code size: 4 KB (4,096 bytes)
