SHA256: 08bd0fb24009fa26df41f0d3d7506838ee220ffbe1b2daf5dce2dabd3f8c1914
File name: 4dc6gg2kjwvirrslwtfb4mcmjvyeqhy7.exe
Detection ratio: 6 / 57
Analysis date: 2015-02-16 15:31:29 UTC ( 2 weeks, 4 days ago )
Antivirus Result Update
AVG Generic.EE6 20150216
AVware Cnet AdInstaller (fs) 20150216
DrWeb Adware.Downware.1699 20150216
ESET-NOD32 a variant of Win32/CNETInstaller.B potentially unwanted 20150216
F-Prot W32/S-c5be5277!Eldorado 20150216
VIPRE Cnet AdInstaller (fs) 20150216
ALYac 20150216
Ad-Aware 20150216
AegisLab 20150216
Agnitum 20150216
AhnLab-V3 20150216
Alibaba 20150216
Antiy-AVL 20150216
Avast 20150216
Avira 20150216
Baidu-International 20150216
BitDefender 20150216
Bkav 20150213
ByteHero 20150216
CAT-QuickHeal 20150216
CMC 20150214
ClamAV 20150216
Comodo 20150216
Cyren 20150216
Emsisoft 20150216
F-Secure 20150216
Fortinet 20150216
GData 20150216
Ikarus 20150216
Jiangmin 20150215
K7AntiVirus 20150216
K7GW 20150216
Kaspersky 20150216
Kingsoft 20150216
Malwarebytes 20150216
McAfee 20150216
McAfee-GW-Edition 20150215
MicroWorld-eScan 20150216
Microsoft 20150216
NANO-Antivirus 20150216
Norman 20150216
Panda 20150216
Qihoo-360 20150216
Rising 20150216
SUPERAntiSpyware 20150215
Sophos 20150216
Symantec 20150216
Tencent 20150216
TheHacker 20150213
TotalDefense 20150216
TrendMicro 20150216
TrendMicro-HouseCall 20150216
VBA32 20150216
ViRobot 20150216
Zillya 20150216
Zoner 20150216
nProtect 20150216
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright
Copyright (C) 2013

Publisher CBS Interactive
Product CNET Download.com
Original name CNET Download.exe
Internal name CNET Download.com
File version 5, 4, 0, 145
Description CNET Download.com
Signature verification Signed file, verified signature
Signers
[+] CBS Interactive
Status Valid
Valid from 1:00 AM 7/22/2013
Valid to 12:59 AM 8/22/2015
Valid usage Code Signing
Algorithm SHA1
Thumbprint 9F5D72B21EB8B219AED72414F95CCBB0A5C645E6
Serial number 4E 4B A2 EE 1F 4C 2B 3D 88 BE 58 9D A3 47 11 67
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-11-15 01:02:30
Entry Point 0x00220A80
Number of sections 3
PE sections
PE imports
LPtoDP
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
SysStringLen
UuidCreate
ShellExecuteA
PathFileExistsW
VerQueryValueW
GdipFree
OleInitialize
Number of PE resources by type
OFFERTMPLT 12
RT_STRING 7
RT_ICON 2
RT_DIALOG 1
RT_MANIFEST 1
GIF 1
RT_MENU 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 29
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.4.0.145
UninitializedDataSize 1327104
LanguageCode English (U.S.)
FileFlagsMask 0x0017
CharacterSet Unicode
InitializedDataSize 20480
FileOS Win32
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2013
FileVersion 5, 4, 0, 145
TimeStamp 2013:11:15 02:02:30+01:00
FileType Win32 EXE
PEType PE32
InternalName CNET Download.com
FileAccessDate 2015:02:16 16:31:44+01:00
ProductVersion 5, 4, 0, 145
FileDescription CNET Download.com
OSVersion 5.0
FileCreateDate 2015:02:16 16:31:44+01:00
OriginalFilename CNET Download.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName CNET Download.com
CodeSize 901120
ProductName CNET Download.com
ProductVersionNumber 5.4.0.145
EntryPoint 0x220a80
ObjectFileType Executable application

File identification
MD5 d0984b7f50985e31c6f4d1cdc8984020
SHA1 e0c5e31b4a4daa88c64bb4ca1e304c4d70481f1f
SHA256 08bd0fb24009fa26df41f0d3d7506838ee220ffbe1b2daf5dce2dabd3f8c1914
ssdeep 24576:LzDVIV+UnxYeC1rbYgW/z+bnecw3MyU8uPwlvGX:Lq/PCFdI+rec+7

authentihash 5b879608e02da4da2aea586299446c056e1cdff42d663ab3e3376205f97a72b4
imphash 79a39d591fa5f8a503daba1ac8de118d
File size 902.1 KB ( 923784 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (46.5%)
Win32 EXE Yoda's Crypter (40.4%)
Win32 Executable (generic) (6.8%)
Generic Win/DOS Executable (3.0%)
DOS Executable Generic (3.0%)
Tags
peexe signed upx

VirusTotal metadata
First submission 2013-11-19 18:39:45 UTC ( 1 year, 3 months ago )
Last submission 2015-02-16 15:31:29 UTC ( 2 weeks, 4 days ago )
File names cbsidlm-cbsi145-Download_App-PBF-75864009.exe
cbsidlm-cbsi145-Guitarpad_Free_Digital_Tuner-ORG-10467757.exe
cbsidlm-cbsi145-Jurassic_Park_Operation_Genesis-SEO-10191346(2).exe
cbsidlm-cbsi145-Imagic_Photo_Enhancer-ORG-10643672.exe
cbsidlm-cbsi145-MP3MyMP3-ORG-10369269.exe
cbsidlm-cbsi145-Free_PDF_to_Word-SEO-75732609.exe
cbsidlm-cbsi145-Free_MKV_to_AVI_Converter-ORG-75984422.exe
cbsidlm-cbsi145-Free_Video_Splitter-ORG-75415521.exe
cbsidlm-cbsi145-The_MerriamWebster_Dictionary_and_Thesaurus-ORG-10907752.exe
cbsidlm-cbsi145-StartW8-ORG-75812800.exe
cbsidlm-cbsi145-CommView_for_WiFi-ORG-10218782.exe
cbsidlm-cbsi145-mixmeister_bpm_analyzer-seo-10290906 (1).exe
cbsidlm-cbsi145-cff_explorer-org-10431156.exe
cbsidlm-cbsi145-Soundcloud_Downloader-ORG-75738300.exe
cbsidlm-cbsi145-Auto_Clicker_by_Shocker-BP-75742161.exe
cbsidlm-cbsi145-Opera-SEO-10005498.exe
cbsidlm-cbsi145-FVD_Suite_IE_Plugin-ORG-10822981.exe
cbsidlm-cbsi145-Media_Player_Classic_Home_Cinema_64bit-ORG-75285683.exe
cbsidlm-cbsi145-USB_Flash_Drive_Tester-SEO-10810585.exe
cbsidlm-cbsi145-KMPlayer-BP-10659939.exe
cbsidlm-cbsi145-Serial_Key_Generator-ORG-75305595.exe
cbsidlm-cbsi145-123_Free_Solitaire-ORG-10022517.exe
cbsidlm-cbsi145-free_cd_to_mp3_converter-org-10388838.exe
cbsidlm-cbsi145-MyLanViewer-ORG-10827128.exe
cbsidlm-cbsi145-Winmail_Opener-BP-10469892(1).exe
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html .
