maconfig_win.exe

Cybelsoft

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from www.logitheque.com and multiple other hosts.
Publisher:
Cybelsoft  (signed and verified)

MD5:
ef8bda2d2181471e646b6ca490e831b8

SHA-1:
2d3f3ac1300405a6a5490771191061de76f4874e

SHA-256:
65fc37db991931c011b81c10a6e0b8fe1e5c360e32a45c24599669f3e4bc1728

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive and the file is probably clean: only 1 of 68 engines (nProtect) flags it, the file carries a valid Cybelsoft code signature, and the detection name appears to encode the file size (255,800 bytes), which is characteristic of a generic size-based heuristic rather than a named malware family. One caveat for anyone re-checking the signature: the signing certificate expired on 3/13/2014, so the signature continues to verify after that date only if the file was countersigned with a trusted timestamp before the certificate expired.

Analysis date:
11/27/2024 12:44:03 AM UTC

Scan engine    Detection                        Engine version
nProtect       Trojan-Clicker/W32.RON.255800    13.12.22.01

File size:
249.8 KB (255,800 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\{random}\maconfig_win.exe

Digital Signature
Signed by:
Cybelsoft
Authority:
VeriSign, Inc.

Valid from:
3/4/2011 1:00:00 AM

Valid to:
3/13/2014 12:59:59 AM

Subject:
CN=Cybelsoft, OU=www.ma-config.com, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Cybelsoft, S=Vienne, C=FR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
406847B45F972D19F9885E1FECC4E67F

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:2QIURTXJ1mFrRlELZ9HlbKMLtsWpHnV2vUmL2cxF3SPl3n1x2uxpwQw+ipxo+XsN:2sXC8vFFBsGHVEgVHvQQw+iXo+tKT3

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)
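As an added worked example (not code from this page, from Reason Core Security or from Cybelsoft), the Python below recomputes the three digests listed above, reads the COFF/PE32 header fields the PE Metadata section reports (compilation timestamp, OS and linker versions, subsystem, code size, entry RVA), extracts the bytes executed at the entry point, and searches for the NSIS "NullsoftInst" first-header marker that identifies a Nullsoft installer. The real maconfig_win.exe is not embedded here; build_sample_pe() constructs a stand-in binary carrying the same header values and entry-point prologue as the listing, so the hash comparison is expected to fail on the stand-in and to pass only on the genuine file.

```python
"""Triage helper (added example): recompute listed hashes, parse PE32 header
fields, read the entry-point bytes, and detect the NSIS installer marker."""
import hashlib
import struct
from datetime import datetime, timezone

# Hashes copied from the listing above; used only for comparison.
PAGE_HASHES = {
    "md5": "ef8bda2d2181471e646b6ca490e831b8",
    "sha1": "2d3f3ac1300405a6a5490771191061de76f4874e",
    "sha256": "65fc37db991931c011b81c10a6e0b8fe1e5c360e32a45c24599669f3e4bc1728",
}
# First 24 entry-point bytes from the listing (sub esp,0x180 / push ebx / push ebp / push esi ...).
ENTRY_STUB = bytes.fromhex("81EC8001000053555633DB57895C2418C744241030914000")
# NSIS "firstheader": the 0xDEADBEEF sentinel followed by the ASCII tag "NullsoftInst".
NSIS_MARKER = b"\xef\xbe\xad\xdeNullsoftInst"
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}


def file_hashes(data: bytes) -> dict:
    """MD5 / SHA-1 / SHA-256 of the bytes, keyed like PAGE_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in PAGE_HASHES}


def hashes_match(data: bytes) -> bool:
    """True only if every digest equals the value the listing shows."""
    return file_hashes(data) == PAGE_HASHES


def parse_pe(data: bytes) -> dict:
    """Pull the header fields a reputation listing reports from a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    machine, nsect, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24  # optional header follows the 4-byte signature and 20-byte COFF header
    magic, lmaj, lmin, code_size, _, _, entry, _, _ = struct.unpack_from("<HBBIIIIII", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    win = struct.unpack_from("<IIIHHHHHHIIIIH", data, opt + 28)  # Windows-specific fields
    os_maj, os_min, subsystem = win[3], win[4], win[13]
    sections = []
    for i in range(nsect):
        name, vsize, va, rsize, raw, *_ = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode(), va, max(vsize, rsize), raw))
    return {
        "timestamp_utc": datetime.fromtimestamp(stamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "os_version": f"{os_maj}.{os_min}",
        "linker_version": f"{lmaj}.{lmin}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "bitness": "Win32" if machine == 0x14C else hex(machine),
        "code_size": code_size,
        "entry_rva": entry,
        "sections": sections,
    }


def rva_to_offset(sections, rva: int) -> int:
    """Map a relative virtual address to a file offset via the section table."""
    for _name, va, size, raw in sections:
        if va <= rva < va + size:
            return raw + (rva - va)
    raise ValueError(f"RVA {rva:#x} is not inside any section")


def entry_bytes(data: bytes, count: int = 24) -> bytes:
    """The first bytes executed, as shown in the listing's entry-point row."""
    info = parse_pe(data)
    return data[rva_to_offset(info["sections"], info["entry_rva"]):][:count]


def is_nsis(data: bytes) -> bool:
    """NSIS installers carry the firstheader marker in the data appended after the stub."""
    return NSIS_MARKER in data


def build_sample_pe() -> bytes:
    """Constructed stand-in, not the real file: header values from the listing,
    the listed entry prologue at RVA 0x323C, and an NSIS marker in the overlay."""
    stamp = int(datetime(2009, 12, 5, 23, 50, 46, tzinfo=timezone.utc).timestamp())
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, 224, 0x10F)
    opt = struct.pack("<HBBIIIIII", 0x10B, 6, 0, 23552, 0x2000, 0, 0x323C, 0x1000, 0x7000)
    opt += struct.pack("<IIIHHHHHHIIIIHHIIIIII", 0x400000, 0x1000, 0x200, 4, 0, 0, 0, 4, 0,
                       0, 0x9000, 0x200, 0, 2, 0, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"\0" * 128  # 16 empty data directories
    sect = struct.pack("<8sIIIIIIHHI", b".text", 23552, 0x1000, 23552, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + opt + sect).ljust(0x200, b"\0")
    text = bytearray(23552)
    text[0x223C:0x223C + len(ENTRY_STUB)] = ENTRY_STUB  # RVA 0x323C minus section VA 0x1000
    overlay = struct.pack("<I", 0) + NSIS_MARKER + struct.pack("<II", 0, 0)
    return headers + bytes(text) + overlay


def triage(data: bytes) -> dict:
    """Everything a reviewer would compare against the listing, in one dict."""
    info = parse_pe(data)
    info["hashes_match_listing"] = hashes_match(data)
    info["entry_matches_listing"] = entry_bytes(data, len(ENTRY_STUB)) == ENTRY_STUB
    info["nsis_marker"] = is_nsis(data)
    return info


if __name__ == "__main__":
    for key, value in triage(build_sample_pe()).items():
        print(f"{key}: {value}")
```

On a real sample run triage(open("maconfig_win.exe", "rb").read()). The parser reports the compilation timestamp in UTC, which is how the PE TimeDateStamp is defined; the listing renders the same instant as 12/5/2009 11:50:46 PM. The Authenticode signature is deliberately not checked here; on Windows, PowerShell's Get-AuthenticodeSignature reports the signer and whether the chain (including any timestamp countersignature) validates.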

The file maconfig_win.exe has been discovered within the following program.

360Amigo is a registry optimizer. 360Amigo System Speedup bundles a branded version of the Conduit Toolbar, designed to deliver search-based advertising and results. During installation the user is, in some cases, presented with the option to install the toolbar (enabled by default).
www.360amigo.com

The file maconfig_win.exe has been seen being distributed by the following 2 URLs.
