SHA256: 08bd0fb24009fa26df41f0d3d7506838ee220ffbe1b2daf5dce2dabd3f8c1914
File name: cbsidlm-cbsi145-UltraMon_64bit-ORG-10411346.exe
Detection ratio: 9 / 55
Analysis date: 2015-07-01 16:47:22 UTC ( 2 days, 20 hours ago )
Antivirus Result Update
AVG Generic.EE6 20150701
AVware Cnet AdInstaller (fs) 20150701
Agnitum Riskware.Agent! 20150630
Bkav W32.HfsAdware.D6B7 20150701
Cyren W32/S-85d83256!Eldorado 20150701
DrWeb Adware.Downware.1699 20150701
ESET-NOD32 a variant of Win32/CNETInstaller.B potentially unwanted 20150701
F-Prot W32/S-85d83256!Eldorado 20150701
VIPRE Cnet AdInstaller (fs) 20150701
ALYac 20150701
Ad-Aware 20150701
AegisLab 20150701
AhnLab-V3 20150701
Alibaba 20150630
Antiy-AVL 20150701
Arcabit 20150630
Avast 20150701
Avira 20150701
Baidu-International 20150701
BitDefender 20150701
ByteHero 20150701
CAT-QuickHeal 20150701
ClamAV 20150701
Comodo 20150701
Emsisoft 20150701
F-Secure 20150701
Fortinet 20150701
GData 20150701
Ikarus 20150701
Jiangmin 20150630
K7AntiVirus 20150701
K7GW 20150701
Kaspersky 20150701
Kingsoft 20150701
Malwarebytes 20150701
McAfee 20150701
McAfee-GW-Edition 20150701
MicroWorld-eScan 20150701
Microsoft 20150701
NANO-Antivirus 20150701
Panda 20150701
Qihoo-360 20150701
Rising 20150701
SUPERAntiSpyware 20150701
Sophos 20150701
Symantec 20150701
Tencent 20150701
TheHacker 20150701
TrendMicro 20150701
TrendMicro-HouseCall 20150701
VBA32 20150701
ViRobot 20150701
Zillya 20150701
Zoner 20150701
nProtect 20150701
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright Copyright (C) 2013
Publisher CBS Interactive
Product CNET Download.com
Original name CNET Download.exe
Internal name CNET Download.com
File version 5, 4, 0, 145
Description CNET Download.com
Signature verification Signed file, verified signature
Signers
[+] CBS Interactive
Status Valid
Valid from 1:00 AM 7/22/2013
Valid to 12:59 AM 8/22/2015
Valid usage Code Signing
Algorithm SHA1
Thumbprint 9F5D72B21EB8B219AED72414F95CCBB0A5C645E6
Serial number 4E 4B A2 EE 1F 4C 2B 3D 88 BE 58 9D A3 47 11 67
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-11-15 01:02:30
Entry Point 0x00220A80
Number of sections 3
PE sections
Overlays
MD5 fef08a263fa00418b91e4c196a02a579
File type data
Offset 920064
Size 3720
Entropy 7.24
PE imports
LPtoDP
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
SysStringLen
UuidCreate
ShellExecuteA
PathFileExistsW
VerQueryValueW
GdipFree
OleInitialize
Number of PE resources by type
OFFERTMPLT 12
RT_STRING 7
RT_ICON 2
RT_DIALOG 1
RT_MANIFEST 1
GIF 1
RT_MENU 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 29
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.4.0.145
UninitializedDataSize 1327104
LanguageCode English (U.S.)
FileFlagsMask 0x0017
CharacterSet Unicode
InitializedDataSize 20480
EntryPoint 0x220a80
OriginalFileName CNET Download.exe
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2013
FileVersion 5, 4, 0, 145
TimeStamp 2013:11:15 02:02:30+01:00
FileType Win32 EXE
PEType PE32
InternalName CNET Download.com
ProductVersion 5, 4, 0, 145
FileDescription CNET Download.com
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName CNET Download.com
CodeSize 901120
ProductName CNET Download.com
ProductVersionNumber 5.4.0.145
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 d0984b7f50985e31c6f4d1cdc8984020
SHA1 e0c5e31b4a4daa88c64bb4ca1e304c4d70481f1f
SHA256 08bd0fb24009fa26df41f0d3d7506838ee220ffbe1b2daf5dce2dabd3f8c1914
ssdeep 24576:LzDVIV+UnxYeC1rbYgW/z+bnecw3MyU8uPwlvGX:Lq/PCFdI+rec+7
authentihash 5b879608e02da4da2aea586299446c056e1cdff42d663ab3e3376205f97a72b4
imphash 79a39d591fa5f8a503daba1ac8de118d
File size 902.1 KB ( 923784 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (46.5%)
Win32 EXE Yoda's Crypter (40.4%)
Win32 Executable (generic) (6.8%)
Generic Win/DOS Executable (3.0%)
DOS Executable Generic (3.0%)
Tags
peexe signed upx overlay

VirusTotal metadata
First submission 2013-11-19 18:39:45 UTC ( 1 year, 7 months ago )
Last submission 2015-07-01 16:47:22 UTC ( 2 days, 20 hours ago )
File names cbsidlm-cbsi145-Download_App-PBF-75864009.exe
cbsidlm-cbsi145-Guitarpad_Free_Digital_Tuner-ORG-10467757.exe
cbsidlm-cbsi145-Jurassic_Park_Operation_Genesis-SEO-10191346(2).exe
cbsidlm-cbsi145-Imagic_Photo_Enhancer-ORG-10643672.exe
cbsidlm-cbsi145-MP3MyMP3-ORG-10369269.exe
cbsidlm-cbsi145-Free_PDF_to_Word-SEO-75732609.exe
cbsidlm-cbsi145-Free_MKV_to_AVI_Converter-ORG-75984422.exe
cbsidlm-cbsi145-Free_Video_Splitter-ORG-75415521.exe
cbsidlm-cbsi145-The_MerriamWebster_Dictionary_and_Thesaurus-ORG-10907752.exe
cbsidlm-cbsi145-UltraMon_64bit-ORG-10411346.exe
cbsidlm-cbsi145-Free_Video_Flip_and_Rotate-ORG-10763530.exe
cbsidlm-cbsi145-CommView_for_WiFi-ORG-10218782.exe
cbsidlm-cbsi145-Jurassic_Park_Operation_Genesis-SEO-10191346(1).exe
cbsidlm-cbsi145-mixmeister_bpm_analyzer-seo-10290906 (1).exe
cbsidlm-cbsi145-Cerberus_Professional_Guilloche_Editor-ORG-75182285.exe
cbsidlm-cbsi145-Soundcloud_Downloader-ORG-75738300.exe
cbsidlm-cbsi145-Auto_Clicker_by_Shocker-BP-75742161.exe
cbsidlm-cbsi145-Opera-SEO-10005498.exe
cbsidlm-cbsi145-FVD_Suite_IE_Plugin-ORG-10822981.exe
cbsidlm-cbsi145-Media_Player_Classic_Home_Cinema_64bit-ORG-75285683.exe
cbsidlm-cbsi145-USB_Flash_Drive_Tester-SEO-10810585.exe
cbsidlm-cbsi145-KMPlayer-BP-10659939.exe
cbsidlm-cbsi145-Serial_Key_Generator-ORG-75305595.exe
cbsidlm-cbsi145-123_Free_Solitaire-ORG-10022517.exe
cbsidlm-cbsi145-free_cd_to_mp3_converter-org-10388838.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html .
