legendas34.exe

Legendas 3.4

Dantis Tecnologia Ltda ME

The application legendas34.exe, “Legendas 3.4 Setup” by Dantis Tecnologia ME, has been detected as a potentially unwanted program by 24 anti-malware scanners. The program is a setup application built with the Inno Setup installer. It uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been observed being downloaded from www.subtitles4free.net and multiple other hosts.

Publisher:
Legendas Brasil   (signed by Dantis Tecnologia Ltda ME)

Product:
Legendas 3.4

Description:
Legendas 3.4 Setup

MD5:
4a3e9c6d36a380275ffce4798fccb734

SHA-1:
8751b71dd70b08cd0069aa28b6859f8552ede84f

SHA-256:
c97440f8aacd150fb0be8b0e5fea1b7e4acd2243bb06afee6942742364bcdd96

Scanner detections:
24 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/5/2024 9:37:33 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.15336575 | 401 |
| Arcabit | Trojan.Generic.DEA047F | 1.0.0.637 |
| AVG | Generic | 2016.0.2879 |
| Baidu Antivirus | Hacktool.Win64.NetFilter | 4.0.3.151230 |
| Bitdefender | Trojan.Generic.15336575 | 1.0.20.1820 |
| Comodo Security | UnclassifiedMalware | 23869 |
| Dr.Web | Trojan.Fakealert.51956 | 9.0.1.0364 |
| Emsisoft Anti-Malware | Trojan.Generic.15336575 | 8.15.12.30.02 |
| ESET NOD32 | Win32/RiskWare.NetFilter | 9.12790 |
| Fortinet FortiGate | Riskware/NetFilter | 12/30/2015 |
| F-Secure | Trojan.Generic.15336575 | 11.2015-30-12_4 |
| G Data | Trojan.Generic.15336575 | 15.12.25 |
| IKARUS anti.virus | PUA.RiskWare.NetFilter | t3scan.1.9.5.0 |
| K7 AntiVirus | Riskware | 13.212.18248 |
| Kaspersky | not-a-virus:NetTool.Win64.NetFilter | 14.0.0.892 |
| McAfee | Artemis!4A3E9C6D36A3 | 5600.6535 |
| MicroWorld eScan | Trojan.Generic.15336575 | 16.0.0.1092 |
| Norman | Trojan.Generic.15336575 | 11.20151230 |
| nProtect | Trojan.Generic.15336575 | 15.12.29.01 |
| Panda Antivirus | Trj/CI.A | 15.12.30.02 |
| Rising Antivirus | PE:Adware.InstallCore!1.A30C [F] | 23.00.65.151228 |
| Sophos | Generic PUA IH (PUA) | 4.98 |
| VIPRE Antivirus | NetFilter | 46134 |
| Zillya! Antivirus | Trojan.Jorik.Win32.402811 | 2.0.0.2583 |

File size:
2.5 MB (2,649,048 bytes)

Product version:
3.4

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\legendas34.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
9/11/2015 4:44:39 PM

Valid to:
9/11/2016 4:44:39 PM

Subject:
CN=Dantis Tecnologia Ltda ME, O=Dantis Tecnologia Ltda ME, L=Sao Jose, S=Santa Catarina, C=BR

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00953F34DF067F1B14

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:z9V6Hy32tgxZ8rvqUj4F/gcOCRbV/1zeS3VEpK2eQPvO3:pVuy22Zuj0/gcLRB8sVFQP

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file legendas34.exe has been seen being distributed by the following 2 URLs.
