» apowersoft screen record...v3.0.4 incl keymaker.exe
Overview
Analysis
File Details
Downloads (1)

apowersoft screen record...v3.0.4 incl keymaker.exe

SystemNode

Maxiget Limited

This is part of a bundled installer which provides applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application apowersoft screen record...v3.0.4 incl keymaker.exe by Maxiget Limited has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from 4sx.files-download-79.com.

File name:

Publisher:

SwapSystem (signed by Maxiget Limited)

Product:

SystemNode

Description:

SystemComponent

Version:

4, 0, 32, 0

MD5:

fa4211d04be83257f193eca45f045a74

SHA-1:

9688c6ceb918f48e855d3494d8007393750b35ee

SHA-256:

a61e0117c2c0625e192fe51a959605a599a62cb233b29644d188090781178b44

Scanner detections:

1 / 68

Status:

Adware

Explanation:

This is a modified installer version of the software and bundles additional offers including adware.

Analysis date:

1/12/2025 11:07:06 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.New IT Limited.Maxiget (M)

16.6.14.2

File size:

172.4 KB (176,528 bytes)

Product version:

4, 0, 32, 0

2014

Trademarks:

SmallTrade Inc.

Original file name:

0008.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\apowersoft screen record...v3.0.4 incl keymaker.exe

Digital Signature

Signed by:

Maxiget Limited

Authority:

Starfield Technologies, Inc.

Valid from:

11/4/2014 5:59:17 PM

Valid to:

8/15/2016 1:41:32 PM

Subject:

CN=Maxiget Limited, O=Maxiget Limited, L=Limassol, S=Cyprus, C=CY

Issuer:

CN=Starfield Secure Certificate Authority - G2, OU=http://certs.starfieldtech.com/repository/, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

2B6558A31AA7EB

File PE Metadata

Compilation timestamp:

11/26/2014 12:22:35 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

1536:L44vTrfFpPumXiJ3+y19odkTAZkFrfWWXHKOxNZk3ZqpZGJZg/Z8EfRyf3bUbEpo:zR5iJ3+ndkTPri2NqKOCLpyfImZk3H

Entry address:

0x3261

Entry point:

E8, F6, 15, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 8B, 00, 81, 38, 63, 73, 6D, E0, 75, 2A, 83, 78, 10, 03, 75, 24, 8B, 40, 14, 3D, 20, 05, 93, 19, 74, 15, 3D, 21, 05, 93, 19, 74, 0E, 3D, 22, 05, 93, 19, 74, 07, 3D, 00, 40, 99, 01, 75, 05, E8, 4B, 16, 00, 00, 33, C0, 5D, C2, 04, 00, 68, 6B, 32, 40, 00, FF, 15, 54, A1, 40, 00, 33, C0, C3, 8B, FF, 55, 8B, EC, 57, BF, E8, 03, 00, 00, 57, FF, 15, F0, A0, 40, 00, FF, 75, 08, FF, 15, C0, A0, 40, 00, 81, C7, E8, 03, 00, 00, 81, FF, 60, EA, 00... 
[+]

Entropy:

6.9880

Code size:

33 KB (33,792 bytes)

The file apowersoft screen record...v3.0.4 incl keymaker.exe has been seen being distributed by the following URL.

https://4sx.files-download-79.com/.../apowersoft screen record...v3.0.4 incl keymaker.exe

Remove apowersoft screen record...v3.0.4 incl keymaker.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.