legendas34.exe

Legendas 3.4

Dantis Tecnologia Ltda ME

The application legendas34.exe, “Legendas 3.4 Setup ” by Dantis Tecnologiaa ME has been detected as a potentially unwanted program by 24 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.subtitles4free.net and multiple other hosts.
Publisher:
Legendas Brasil   (signed by Dantis Tecnologia Ltda ME)

Product:
Legendas 3.4

Description:
Legendas 3.4 Setup

MD5:
4a3e9c6d36a380275ffce4798fccb734

SHA-1:
8751b71dd70b08cd0069aa28b6859f8552ede84f

SHA-256:
c97440f8aacd150fb0be8b0e5fea1b7e4acd2243bb06afee6942742364bcdd96

Scanner detections:
24 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
12/25/2024 12:16:07 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.15336575
401

Arcabit
Trojan.Generic.DEA047F
1.0.0.637

AVG
Generic
2016.0.2879

Baidu Antivirus
Hacktool.Win64.NetFilter
4.0.3.151230

Bitdefender
Trojan.Generic.15336575
1.0.20.1820

Comodo Security
UnclassifiedMalware
23869

Dr.Web
Trojan.Fakealert.51956
9.0.1.0364

Emsisoft Anti-Malware
Trojan.Generic.15336575
8.15.12.30.02

ESET NOD32
Win32/RiskWare.NetFilter
9.12790

Fortinet FortiGate
Riskware/NetFilter
12/30/2015

F-Secure
Trojan.Generic.15336575
11.2015-30-12_4

G Data
Trojan.Generic.15336575
15.12.25

IKARUS anti.virus
PUA.RiskWare.NetFilter
t3scan.1.9.5.0

K7 AntiVirus
Riskware
13.212.18248

Kaspersky
not-a-virus:NetTool.Win64.NetFilter
14.0.0.892

McAfee
Artemis!4A3E9C6D36A3
5600.6535

MicroWorld eScan
Trojan.Generic.15336575
16.0.0.1092

Norman
Trojan.Generic.15336575
11.20151230

nProtect
Trojan.Generic.15336575
15.12.29.01

Panda Antivirus
Trj/CI.A
15.12.30.02

Rising Antivirus
PE:Adware.InstallCore!1.A30C [F]
23.00.65.151228

Sophos
Generic PUA IH (PUA)
4.98

VIPRE Antivirus
NetFilter
46134

Zillya! Antivirus
Trojan.Jorik.Win32.402811
2.0.0.2583

File size:
2.5 MB (2,649,048 bytes)

Product version:
3.4

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\legendas34.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
9/11/2015 4:44:39 PM

Valid to:
9/11/2016 4:44:39 PM

Subject:
CN=Dantis Tecnologia Ltda ME, O=Dantis Tecnologia Ltda ME, L=Sao Jose, S=Santa Catarina, C=BR

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00953F34DF067F1B14

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:z9V6Hy32tgxZ8rvqUj4F/gcOCRbV/1zeS3VEpK2eQPvO3:pVuy22Zuj0/gcLRB8sVFQP

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file legendas34.exe has been seen being distributed by the following 2 URLs.

Remove legendas34.exe - Powered by Reason Core Security