أقبل العيد عالي الدقة .exe

CHummer

Maxiget Limited

This is part of a bundled installer which provides applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application أقبل العيد عالي الدقة .exe, “Description is empty” by Maxiget Limited, has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The file has been seen being downloaded from stl.files-fast.net.

Publisher:
Elit -e - Company  (signed by Maxiget Limited)

Product:
CHummer

Description:
Description is empty

Version:
3, 4, 17, 0

MD5:
8f4ebfbbb67ed92017b2271475d7aae7

SHA-1:
f9aebfd251cbbed14603218337000527810ea8d9

SHA-256:
b1c935d80407bdfe1c325ffa3f8b384642e4218d319c473067014c4f9744c886

Scanner detections:
1 / 68

Status:
Adware

Explanation:
This is a modified installer version of the software and bundles additional offers including adware.

Analysis date:
11/2/2024 1:32:09 PM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.New IT Limited (M)

Engine version:
16.8.6.19

File size:
36.5 KB (37,408 bytes)

Product version:
3, 3, 53, 0

Copyright:
2014

Trademarks:
No

Original file name:
DHelper

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\أقبل العيد عالي الدقة.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
6/3/2014 11:41:06 AM

Valid to:
8/15/2016 9:41:32 AM

Subject:
CN=Maxiget Limited, O=Maxiget Limited, L=Limassol, S=Cyprus, C=CY

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
043F9C868704FA

File PE Metadata
Compilation timestamp:
8/4/2014 6:19:14 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
768:9SrdaL6UcunGk10t/r3eidddddddOe8WBGFIa62:9S5AZGk1Y/zfdddddddOe8WgII

Entry address:
0x2586

Entry point:
55, 8B, EC, 83, EC, 10, 53, 56, 8D, 45, F0, 50, C7, 45, F0, 08, 00, 00, 00, C7, 45, F4, 20, 00, 00, 00, FF, 15, 00, 30, 40, 00, 68, 28, 0A, 00, 00, BE, 38, 43, B8, 00, 56, 33, DB, 53, FF, 15, 94, 30, 40, 00, 53, 68, 80, 00, 00, 00, 6A, 03, 53, 6A, 01, 68, 00, 00, 00, 80, 56, FF, 15, 8C, 30, 40, 00, 8B, F0, 83, FE, FF, 0F, 84, 95, 00, 00, 00, 56, E8, 6F, EE, FF, FF, 59, 56, 88, 45, FF, FF, 15, 90, 30, 40, 00, 38, 5D, FF, 74, 7F, 66, 39, 1D, 28, 90, 40, 00, 74, 0A, B8, 28, 90, 40, 00, E8, 86, EF, FF, FF, E8...
 

Entropy:
5.8014

Developed / compiled with:
Microsoft Visual C++

Code size:
6 KB (6,144 bytes)

The file أقبل العيد عالي الدقة .exe has been seen being distributed by the following URL.
