SHA256: c3467621d7f2479bac6fba7afae7b32bc5f3b25f61c562543ab498cdd9c5e33c
Name: JDownloaderSetup.exe
Detections: 5 / 68
Analysis date: 2019-02-16 07:16:43 UTC (2 months ago)
Antivirus Result Update
Cyren W32/Trojan.CGWX-8769 20190216
DrWeb Program.Unwanted.3640 20190216
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of MSIL/WebCompanion.A potentially unwanted 20190216
VBA32 Adware.Spigot 20190215
Acronis 20190213
Ad-Aware 20190216
AegisLab 20190216
AhnLab-V3 20190215
Alibaba 20180921
ALYac 20190216
Antiy-AVL 20190216
Arcabit 20190215
Avast 20190216
Avast-Mobile 20190215
AVG 20190216
Avira (no cloud) 20190216
Babable 20180918
Baidu 20190215
BitDefender 20190216
Bkav 20190216
CAT-QuickHeal 20190215
ClamAV 20190215
CMC 20190215
Comodo 20190216
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cylance 20190216
Emsisoft 20190216
F-Prot 20190216
F-Secure 20190216
Fortinet 20190216
GData 20190216
Ikarus 20190215
Sophos ML 20181128
Jiangmin 20190216
K7AntiVirus 20190216
K7GW 20190216
Kaspersky 20190215
Kingsoft 20190216
Malwarebytes 20190216
MAX 20190216
McAfee 20190216
McAfee-GW-Edition 20190215
Microsoft 20190216
eScan 20190216
NANO-Antivirus 20190216
Palo Alto Networks (Known Signatures) 20190216
Panda 20190215
Qihoo-360 20190216
Rising 20190216
SentinelOne (Static ML) 20190203
Sophos AV 20190216
SUPERAntiSpyware 20190213
Symantec 20190216
Symantec Mobile Insight 20190207
TACHYON 20190216
Tencent 20190216
TheHacker 20190215
Trapmine 20190123
TrendMicro 20190216
TrendMicro-HouseCall 20190216
Trustlook 20190216
VIPRE 20190216
ViRobot 20190215
Webroot 20190216
Yandex 20190215
Zillya 20190215
ZoneAlarm by Check Point 20190216
Zoner 20190216
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
AppWork GmbH

Product JDownloader
Original name JD2SilentSetup_x86_h2o.exe
Internal name JD2SilentSetup_x86_h2o.exe
File version 9.2.0.0
Description JDownloader
Signature verification Signed file, verified signature
Signing date 8:18 PM 8/13/2018
Signers
[+] AppWork GmbH
Status Valid
Issuer Entrust Extended Validation Code Signing CA - EVCS1
Valid from 01:43 PM 05/24/2018
Valid to 02:12 PM 05/24/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint FB8D8D38224D96584B7AC8AB8C9C2207A93363D0
Serial number 7B AE 8B C6 E8 4A 81 BE 00 00 00 00 55 65 68 CA
[+] Entrust Extended Validation Code Signing CA - EVCS1
Status Valid
Issuer Entrust Root Certification Authority - G2
Valid from 01:42 PM 06/10/2015
Valid to 02:12 PM 11/10/2030
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 64B8F1EDEF40D7D28602B6B9171AFF114E12A646
Serial number 00 87 82 52 60 00 00 00 00 51 D3 73 D9
[+] Entrust.net
Status Valid
Issuer Entrust Root Certification Authority - G2
Valid from 05:25 PM 07/07/2009
Valid to 05:55 PM 12/07/2030
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha256RSA
Thumbprint 8CF427FD790C3AD166068DE81E57EFBB932272D4
Serial number 4A 53 8C 28
Counter signers
[+] GlobalSign TSA for MS Authenticode - G2
Status Valid
Issuer GlobalSign Timestamping CA - G2
Valid from 12:00 AM 05/24/2016
Valid to 12:00 AM 06/24/2027
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 63B82FAB61F583909695050B00249C502933EC79
Serial number 11 21 D6 99 A7 64 97 3E F1 F8 42 7E E9 19 CC 53 41 14
[+] GlobalSign Timestamping CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 10:00 AM 04/13/2011
Valid to 12:00 PM 01/28/2028
Valid usage All
Algorithm sha1RSA
Thumbprint C0E49D2D7D90A5CD427F02D9125694D5D6EC5B71
Serial number 04 00 00 00 00 01 2F 4E E1 52 D7
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 12:00 PM 09/01/1998
Valid to 12:00 PM 01/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Packers identified
F-PROT 7Z, UTF-8
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-04-18 18:54:06
Entry Point 0x000148D4
Number of sections 5
PE sections
Overlays
MD5 68671e6ca08c37e1f0989eb8ff7ad4cf
File type data
Offset 329216
Size 43322120
Entropy 8.00
PE imports
GetStdHandle
WaitForSingleObject
FindFirstFileW
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
FreeEnvironmentStringsW
SetFileAttributesA
GetTempPathA
GetCPInfo
GetStringTypeA
GetTempPathW
HeapReAlloc
GetStringTypeW
GetFullPathNameA
SetEvent
LocalFree
FormatMessageW
GetEnvironmentVariableA
FindClose
InterlockedDecrement
FormatMessageA
GetFullPathNameW
SetLastError
InitializeCriticalSection
GetModuleFileNameW
ExitProcess
GetModuleFileNameA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
SetFileAttributesW
CreateThread
SetUnhandledExceptionFilter
ExitThread
TerminateProcess
SetCurrentDirectoryW
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
SetCurrentDirectoryA
CloseHandle
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
GetTickCount
IsBadWritePtr
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
CreateDirectoryA
DeleteFileA
CreateDirectoryW
DeleteFileW
GetProcAddress
RemoveDirectoryW
FindNextFileW
ResetEvent
FindNextFileA
WaitForMultipleObjects
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
LCMapStringA
GetEnvironmentStringsW
RemoveDirectoryA
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
GetCurrentDirectoryA
HeapSize
GetCommandLineA
RaiseException
SetFilePointer
ReadFile
FindFirstFileA
GetACP
GetVersion
CreateProcessA
WideCharToMultiByte
HeapCreate
WriteFile
VirtualFree
Sleep
IsBadReadPtr
IsBadCodePtr
VirtualAlloc
VariantClear
SysAllocString
ShellExecuteExA
GetWindowLongA
SetTimer
MessageBoxW
LoadIconA
LoadStringA
SetWindowTextA
EndDialog
PostMessageA
CharUpperW
DialogBoxParamW
SendMessageA
LoadStringW
SetWindowTextW
GetDlgItem
SetWindowLongA
KillTimer
DialogBoxParamA
ShowWindow
CharUpperA
DestroyWindow
Number of PE resources by type
RT_ICON 15
RT_STRING 2
RT_GROUP_ICON 2
RT_DIALOG 1
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 14
ENGLISH US 8
PE resources
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
223744

ImageVersion
0.0

ProductName
JDownloader

FileVersionNumber
9.2.0.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, Large address aware, 32-bit

CharacterSet
Unicode

LinkerVersion
6.0

FileTypeExtension
exe

OriginalFileName
JD2SilentSetup_x86_h2o.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
9.2.0.0

TimeStamp
2011:04:18 19:54:06+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
JD2SilentSetup_x86_h2o.exe

ProductVersion
9.2.0.0

FileDescription
JDownloader

OSVersion
4.0

FileOS
Windows NT 32-bit

LegalCopyright
AppWork GmbH

MachineType
Intel 386 or later, and compatibles

CompanyName
AppWork GmbH

CodeSize
104448

FileSubtype
0

ProductVersionNumber
9.2.0.0

EntryPoint
0x148d4

ObjectFileType
Executable application

File identification
MD5 1ac59134a64faed372cf10d397bf5b24
SHA1 0de7c04135a7fb623d92795185fa09ce99158dcb
SHA256 c3467621d7f2479bac6fba7afae7b32bc5f3b25f61c562543ab498cdd9c5e33c
ssdeep
786432:r6N2r+AtnPeGtEcbbGfSv1jfu5JBzI7ijHAtsbQueCD8kafzNNsjzzC:rDxeGacOfSv1DozI0XQuR8JDozW

authentihash 7f92222306b5796184e3d22302b48b43f94485ad5d640ebf7f386e897fc5c0e1
imphash e00de6e48b9b06aceb12a81e7bf494c9
File size 41.6 MB ( 43651336 bytes )
Type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (44.0%)
Win64 Executable (generic) (28.2%)
Microsoft Visual C++ compiled executable (generic) (16.9%)
Win32 Executable (generic) (4.6%)
OS/2 Executable (generic) (2.0%)
Tags
peexe overlay signed via-tor

VirusTotal metadata
First submission 2018-08-14 17:51:37 UTC (8 months, 1 week ago)
Last submission 2019-03-25 18:52:41 UTC (4 weeks, 1 day ago)
Names JDownloaderSetup.exe
JDownloaderSetup 4-68 TROJAN.exe
JDownloaderSetup(1).exe
JDownloaderSetup - copia.exe
JDownloaderSetup (1).exe
jdownloadersetup.exe
JDownloaderSetup 2.exe
JDownloaderSetup__.exe
JD2SilentSetup_x86_h2o.exe