يارب تمطر نسوان محمد نور.exe

Get your downloads

Maxiget Limited

This is part of a bundled installer which provides applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application يارب تمطر نسوان محمد نور.exe by Maxiget Limited has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from ds212.maxiget.com and multiple other hosts.
Publisher:
Company #1  (signed by Maxiget Limited)

Product:
Get your downloads

Version:
3, 1, 23, 0

MD5:
0c50d7901ebf2855efe2f8c6248336b5

SHA-1:
f0d0c8b53c10d65baa212e594f8bc3294d53cac4

SHA-256:
702444f7144d86b1809bf8c1fad4edf57b1c49a28b3ad1577788f82969be5355

Scanner detections:
1 / 68

Status:
Adware

Explanation:
This is a modified installer version of the software and bundles additional offers including adware.

Analysis date:
12/24/2024 5:01:54 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.New IT Limited.Maxiget (M)

Engine version:
16.6.20.23

File size:
311.4 KB (318,888 bytes)

Product version:
3, 1, 23, 0

Copyright:
Copyright (C) 2013

Trademarks:
TM(c)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\يارب تمطر نسوان محمد نور.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
8/15/2013 9:41:32 AM

Valid to:
8/15/2016 9:41:32 AM

Subject:
CN=Maxiget Limited, O=Maxiget Limited, L=Limassol, S=Cyprus, C=CY

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
045BA815265145

File PE Metadata
Compilation timestamp:
12/26/2013 3:03:42 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:NduDCloyI5uf6wG16nO4CXGm6Jsd7ir2/z0uxIBqesCJEcjpwsJHuLVz4+zyFHPh:uDRBR6nQ02b5GJnp4L/mHs3xS

Entry address:
0x25DF1

Entry point:
E8, 5C, 89, 00, 00, E9, 78, FE, FF, FF, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41, FE, 8B...
 

Entropy:
6.3708

Code size:
223.5 KB (228,864 bytes)

The file يارب تمطر نسوان محمد نور.exe has been seen being distributed by the following 2 URLs.