download.exe

Moovida

Secure Digital Services Limited

The application download.exe, “Moovida ” by Secure Digital Services Limited has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from app.media-app.com a known adware distribution point operated by Aedge Performance BCN, S.L.U..
Publisher:
Secure Digital Services   (signed by Secure Digital Services Limited)

Product:
Moovida

Description:
Moovida

Version:
1.00.0000

MD5:
479383271f5e13e7279ea5beeceac4a3

SHA-1:
753a97ed5a5b567578a7b2a1c6b4b63aff8f18e9

SHA-256:
abe05ceb9fab8bcae43bccb35230badb10519a4decb043fb0307d6f28ded67ff

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/29/2024 6:59:59 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.OfferBox.SecureDigitalServices.Installer (M)
16.1.24.2

File size:
1019.6 KB (1,044,080 bytes)

Product version:
1.00.0000

Copyright:
Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc. All Rights Reserved.

Original file name:
moovida-setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\download.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/16/2009 1:00:00 AM

Valid to:
11/17/2011 12:59:59 AM

Subject:
CN=Secure Digital Services Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Secure Digital Services Limited, L=Dublin, S=Dublin, C=IE

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3B62DC3672D1D2047D8974361B53ECE7

File PE Metadata
Compilation timestamp:
6/10/2009 9:03:37 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:Y2TIyT39KAMp6TNpGrkvNhKebRffQtTBiQJtQWw4:z1T39WpijGrkvvKURX6TgKtZw4

Entry address:
0x6A832

Entry point:
55, 8B, EC, 6A, FF, 68, B0, D0, 48, 00, 68, D0, B3, 46, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 90, B1, 48, 00, 33, D2, 8A, D4, 89, 15, A0, 16, 4B, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 9C, 16, 4B, 00, C1, E1, 08, 03, CA, 89, 0D, 98, 16, 4B, 00, C1, E8, 10, A3, 94, 16, 4B, 00, 6A, 01, E8, 45, 39, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C2, 00, 00, 00, 59, E8, 6A, 17, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B1, 00, 00, 00, 59, 33, F6, 89, 75...
 
[+]

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
552 KB (565,248 bytes)

The file download.exe has been seen being distributed by the following URL.

Remove download.exe - Powered by Reason Core Security