Fine checktool also to detect suspicious redirects!
« on: September 23, 2013, 10:30:29 PM »
See: http://www.seoimage.com/seo-tools/check-server-headers.php
HTTP Header Viewer
URL Analyzed:    htxp://dl.wasdmr.com/n/3.0.17.4/5363260/PhotoScape.exe
LOCATION: 1
htxp://dl.wasdmr.com/n/3.0.17.4/5363260/PhotoScape.exe
Remote IP Address: 64.90.186.5
Approximate Size: 0 bytes
HTTP Code: 302 - Moved Temporarily:   WARNING 302 REDIRECT
Location 1 source:
HTTP/1.0 302 Moved Temporarily
Content-Type: text/html
Location: htxp://dl.wasdmr.com/n/3.0.20/5363260/PhotoScape.exe
Server: nginx
x-id: 5363260
x-namespace: 3.0.17.4
X-Powered-By: PHP/5.3.10-1ubuntu3.7
X-Whom: www-node08
Content-Length: 0
Date: Mon, 23 Sep 2013 20:15:28 GMT
Connection: close

LOCATION: 2
htxp://dl.wasdmr.com/n/3.0.20/5363260/PhotoScape.exe
Remote IP Address: 64.90.186.5
Approximate Size: 102,577 bytes (may be truncated)
HTTP Code: 200 - Found - OK

Location 2 source:
HTTP/1.0 200 OK
Content-Disposition: attachment; filename=PhotoScape.exe
Content-Transfer-Encoding: binary
Content-Type: application/octet-stream
Pragma: public
Server: nginx
X-Powered-By: PHP/5.3.10-1ubuntu3.7
X-Whom: www-node08
Content-Length: 167736
Cache-Control: private, must-revalidate, max-age=0, post-check=0, pre-check=0
Expires: Mon, 23 Sep 2013 20:15:28 GMT
Date: Mon, 23 Sep 2013 20:15:28 GMT
Connection: close

The file was flagged as PUP: https://www.virustotal.com/en/file/d2d9e73075487e4c8a9a68e1c2ba47dca52f23c8c5aab8f40cc0ccf9bf8510a4/analysis/1379952196/ (initial link, detection and alert provided by our forum friend, Pondus - Pondus, again thanks for the heads-up on this)

polonus
« Last Edit: September 23, 2013, 10:33:29 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
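As an added example, not the seoimage tool and not polonus's own code, here is a small Python redirect-chain walker that does offline what the header viewer above does: it follows Location headers one hop at a time and flags the 302 hop and the final hop that hands out an executable attachment. The two responses are constructed sample input trimmed from the post (URLs re-fanged from htxp to http only so that urljoin() works; nothing is fetched).

```python
from urllib.parse import urljoin

# Constructed offline sample: the two responses shown in the post, trimmed to the
# headers that matter. The post defangs the URLs as "htxp"; plain http is used here
# only so urljoin() resolves Location values. Nothing is fetched from the network.
START_URL = "http://dl.wasdmr.com/n/3.0.17.4/5363260/PhotoScape.exe"
RESPONSES = {
    START_URL: "HTTP/1.0 302 Moved Temporarily\r\nContent-Type: text/html\r\n"
               "Location: http://dl.wasdmr.com/n/3.0.20/5363260/PhotoScape.exe\r\n"
               "Content-Length: 0\r\n\r\n",
    "http://dl.wasdmr.com/n/3.0.20/5363260/PhotoScape.exe":
               "HTTP/1.0 200 OK\r\nContent-Disposition: attachment; filename=PhotoScape.exe\r\n"
               "Content-Type: application/octet-stream\r\nContent-Length: 167736\r\n\r\n",
}
REDIRECT_CODES = {301, 302, 303, 307, 308}

def parse_response(raw):
    """Split a raw HTTP response into (status code, {lower-cased header: value})."""
    status_line, *header_lines = raw.partition("\r\n\r\n")[0].split("\r\n")
    status = int(status_line.split()[1])
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def follow_chain(url, fetch, max_hops=10):
    """Walk Location headers one hop at a time instead of letting a client
    auto-follow them, recording each hop like the viewer's LOCATION 1, 2, ..."""
    chain, seen = [], set()
    while len(chain) < max_hops and url not in seen:   # also stops redirect loops
        seen.add(url)
        status, headers = parse_response(fetch(url))
        chain.append({"url": url, "status": status, "headers": headers})
        if status not in REDIRECT_CODES or "location" not in headers:
            break
        url = urljoin(url, headers["location"])
    return chain

def suspicious_findings(chain):
    """Flag each redirect hop and any hop that hands out an executable attachment."""
    findings = []
    for i, hop in enumerate(chain, 1):
        h = hop["headers"]
        if hop["status"] in REDIRECT_CODES:
            findings.append(f"hop {i}: {hop['status']} redirect -> {h.get('location', '?')}")
        disp = h.get("content-disposition", "").lower()
        if "attachment" in disp and disp.endswith(".exe"):
            findings.append(f"hop {i}: executable attachment ({disp})")
    return findings
```

Calling `suspicious_findings(follow_chain(START_URL, RESPONSES.__getitem__))` on the sample yields one line for the 302 hop and one for the PhotoScape.exe attachment on hop 2.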