hirens-bootcd-windows-downloader.exe

Malavida Network International, S.L.

The application hirens-bootcd-windows-downloader.exe by Malavida Network International, S.L has been detected as adware by 10 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This will display context specific advertisements in the browser as well as attempt to modify the browser's search provider. The file has been seen being downloaded from dl1332c72.mvmfd.net and multiple other hosts.
Publisher:
Malavida Network International, S.L.  (signed and verified)

MD5:
f7e0546b6188f835d21eeb12fac3e496

SHA-1:
defbe5719af882ee0f4cc9a03a5bd1553245c9b2

SHA-256:
456771cb4a92bd4d9e98fa574fdf82867cf1aa12efe7a65feee02fbb06122f00

Scanner detections:
10 / 68

Status:
Adware

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
11/14/2024 5:49:13 AM UTC  (today)

Scan engine
Detection
Engine version

AVG
Toolbar.Babylon
2015.0.3409

Dr.Web
Adware.Downware.1448
9.0.1.0200

Emsisoft Anti-Malware
Gen:Adware.MPlug
8.14.07.19.03

ESET NOD32
Win32/Malavida
8.9538

Malwarebytes
PUP.Optional.Malavida
v2014.07.19.03

McAfee
Artemis!F7E0546B6188
5600.7065

Reason Heuristics
PUP.MalavidaNetworkInternationalSL.a
14.8.7.21

Sophos
Malavida
4.98

Trend Micro House Call
TROJ_GEN.F47V0923
7.2.200

VIPRE Antivirus
Malavida
27326

File size:
305.5 KB (312,848 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/26/2013 5:00:00 PM

Valid to:
3/27/2014 4:59:59 PM

Subject:
CN="Malavida Network International, S.L.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Malavida Network International, S.L.", L=Valencia, S=Valencia, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0DC341780137340F059956E88184360E

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:KQqDITjtmMyHYZowAeATJ2fXJQkTxeEO3Avv4WpNqAXJ2WpqdL:qIpnRYFTJKJNzpvlN9XKdL

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.8657

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file hirens-bootcd-windows-downloader.exe has been seen being distributed by the following 3 URLs.

Remove hirens-bootcd-windows-downloader.exe - Powered by Reason Core Security