weDownload

weDownload

Known Malware

by weDownload Ltd

What is weDownload?

weDownload is software application developed by weDownload Ltd. It is most commonly found on computers running Windows 7 with nearly 67.26% of installations running this operating system. weDownload's installer is typically 5.00 MB in size and installs around 16 files. The most common release is 1.27.153.10 with 61.90% of all installations currently using this version.

weDownload is most popular in the United States with 82.92% of installations residing in this country.

About weDownload?

WeDownload is a browser extension and Browser Helper Object designed to deliver contextual-based advertising to web browsers. This software may also modify the user's browser home and search pages, as well as 'New Tab' pages, in order to promote advertising and search content. Additionally, WeDownload may come bundled with potentially unwanted applications from the same publisher, as well as third-party apps.

Multiple virus scanners have detected malware in weDownload.

utils.exe (MD5: 3aaf79e22fa8ed6e5efe0d4484a642cb) has been flagged by 13 scanners:
Scanner Software Result
Baidu-International Trojan.Win32.Packed.aZ
ESET-NOD32 Win32/Packed.ScrambleWrapper.C
Symantec WS.Reputation
TrendMicro-HouseCall TROJ_GEN.F47V0716
AVG Generic_r.GS
Dr.Web Trojan.Crossrider.32
K7 AntiVirus Trojan ( 0048c68d1 )
K7GW Trojan ( 0048c68d1 )
Kingsoft AntiVirus Win32.Troj.Generic.a.(kcloud)
McAfee Artemis!994D74E080FE
McAfee-GW-Edition Artemis!994D74E080FE
VIPRE Antivirus Crossrider (fs)
Trend Micro ADW_GAMEPLAYLABS
weDownload-updater.exe (MD5: 994d74e080febf782c91d5dbc275a304) has been flagged by 13 scanners:
Scanner Software Result
AVG Generic_r.GS
Baidu-International Adware.Win32.CrossRider.J
Dr.Web Trojan.Crossrider.32
ESET-NOD32 a variant of Win32/Toolbar.CrossRider.J
K7 AntiVirus Trojan ( 0048c68d1 )
K7GW Trojan ( 0048c68d1 )
Kingsoft AntiVirus Win32.Troj.Generic.a.(kcloud)
McAfee Artemis!994D74E080FE
McAfee-GW-Edition Artemis!994D74E080FE
TrendMicro-HouseCall TROJ_GEN.F47V1028
VIPRE Antivirus Crossrider (fs)
Symantec WS.Reputation.1
Trend Micro ADW_GAMEPLAYLABS
weDownload-firefoxinstaller.exe (MD5: 9ca06a46aee0910ce983794eb89d700d) has been flagged by 6 scanners:
Scanner Software Result
Baidu-International Adware.Win32.CrossRider.K
ESET-NOD32 a variant of Win32/Toolbar.CrossRider.K
McAfee Artemis!9CA06A46AEE0
McAfee-GW-Edition Artemis!9CA06A46AEE0
Symantec WS.Reputation.1
VIPRE Antivirus Crossrider (fs)
weDownload-enabler.exe (MD5: d91dc8ec3e3e9dcfb0e244a911f79e2c) has been flagged by 5 scanners:
Scanner Software Result
Baidu-International Adware.Win32.CrossRider.K
ESET-NOD32 a variant of Win32/Toolbar.CrossRider.K
McAfee Artemis!D91DC8EC3E3E
McAfee-GW-Edition Artemis!D91DC8EC3E3E
VIPRE Antivirus Crossrider (fs)
weDownload-codedownloader.exe (MD5: 97da8e17c0ff8c759c8c61c3b29dab50) has been flagged by 8 scanners:
Scanner Software Result
Baidu-International Trojan.Win32.Toolbar.CrossRider.J
Dr.Web Trojan.Crossrider.1
ESET-NOD32 a variant of Win32/Toolbar.CrossRider.J
Kingsoft AntiVirus Win32.Troj.Generic.a.(kcloud)
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-BAY.K
VIPRE Antivirus Crossrider (fs)
McAfee Artemis!9CA06A46AEE0
Symantec WS.Reputation.1

Startup Entries

Startup tasks:
  • weDownload-firefoxinstaller.exe is automatically launched at startup through a scheduled task named weDownload-firefoxinstaller.
  • weDownload-updater.exe is automatically launched at startup through a scheduled task named weDownload-updater.
  • weDownload-enabler.exe is automatically launched at startup through a scheduled task named weDownload-enabler.
  • weDownload-codedownloader.exe is automatically launched at startup through a scheduled task named weDownload-codedownloader.
  • weDownload-chromeinstaller.exe is automatically launched at startup through a scheduled task named weDownload-chromeinstaller.

Software Details

URL:
https://www.wedownload.com
Support:
Installation path:
C:\Program Files\wedownload
Uninstaller:
C:\Program Files\weDownload\Uninstall.exe /fromcontrolpanel=1
Size:
5.00 MB
Language:
English

weDownload Executable Details

Primary executable:
utils.exe
Name:
weDownload
Path:
C:\Program Files\wedownload\utils.exe
MD5:
3aaf79e22fa8ed6e5efe0d4484a642cb
SHA-1:
SHA-256:
Files installed by weDownload
File Type Filename MD5
EXE
uninstall.exe
e295ba897b930714a17a88e9a7146d06
EXE
utils.exe
Malware
3aaf79e22fa8ed6e5efe0d4484a642cb
EXE
weDownload-helper.exe
8597cc6ba434c377cf6efd82aac66608
DLL
weDownload-buttonutil64.dll
d21b23e2511e14fbc261b3d95dd9fe58
DLL
weDownload-buttonutil.dll
3f2920f139acde73be7a7ac8a050bc1f
EXE
weDownload-updater.exe
Malware
994d74e080febf782c91d5dbc275a304
EXE
weDownload-firefoxinstaller.exe
Malware
9ca06a46aee0910ce983794eb89d700d
EXE
weDownload-enabler.exe
Malware
d91dc8ec3e3e9dcfb0e244a911f79e2c
EXE
weDownload-codedownloader.exe
Malware
97da8e17c0ff8c759c8c61c3b29dab50
EXE
weDownload-chromeinstaller.exe
Malware
53775160b02c2c2b4d4b0f859ae6ee71