home

marisela-completamente tuya.exe

Get your downloads

Maxiget Limited

This is a bundle installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application marisela-completamente tuya.exe by Maxiget Limited has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the New IT Desktop Setup installer. The file has been seen being downloaded from ds123.maxiget.com.
Publisher:
Company #1  (signed by Maxiget Limited)

Product:
Get your downloads

Version:
3, 1, 11, 0

MD5:
fbed9a9da10916d4968af1a4f0afe372

SHA-1:
f59f4973c95753bfd4a74de85cee0509c1d18828

SHA-256:
3285333664a4ed5b83ab47447916e2eae7ad3b161b3c70195b25b2d9a53c4b97

Scanner detections:
1 / 68

Status:
Adware

Explanation:
This is a modified installer version of the software and bundles additional offers including adware.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/30/2024 10:27:39 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.New IT Limited (M)
16.7.16.2

File size:
602.4 KB (616,896 bytes)

Product version:
3, 1, 11, 0

Copyright:
Copyright (C) 2013

Trademarks:
TM(c)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
New IT Desktop Setup

Common path:
C:\users\{user}\downloads\marisela-completamente tuya.exe

Digital Signature
Signed by:
Maxiget Limited

Authority:
GoDaddy.com, Inc.

Valid from:
8/15/2013 1:41:32 AM

Valid to:
8/15/2016 1:41:32 AM

Subject:
CN=Maxiget Limited, O=Maxiget Limited, L=Limassol, S=Cyprus, C=CY

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
045BA815265145

File PE Metadata
Compilation timestamp:
11/21/2013 5:59:41 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:U8ArcGnuvX8OzJMwsTrfKiBxR2SisyBARjPt2uo5rp+7EpN2rRqB:wovdMwsXCMxR5WBsp2uo5rp+oj2rRe

Entry address:
0x3A796

Entry point:
E8, 3D, 30, 01, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 4D, 08, EB, 07, 49, 80, 38, 00, 74, 06, 40, 85, C9, 75, F5, 49, 8B, 45, 08, 2B, C1, 48, 5D, C3, 8B, FF, 55, 8B, EC, 83, EC, 14, A1, D4, 4C, 47, 00, 33, C5, 89, 45, FC, 53, 56, 33, DB, 57, 8B, F1, 39, 1D, EC, 64, 47, 00, 75, 38, 53, 53, 33, FF, 47, 57, 68, 34, 98, 46, 00, 68, 00, 01, 00, 00, 53, FF, 15, 8C, 61, 46, 00, 85, C0, 74, 08, 89, 3D, EC, 64, 47, 00, EB, 15, FF, 15, C0, 60, 46, 00, 83, F8, 78, 75, 0A, C7, 05, EC, 64, 47, 00, 02, 00, 00...
 
[+]

Code size:
403.5 KB (413,184 bytes)

The file marisela-completamente tuya.exe has been seen being distributed by the following URL.

http://ds123.maxiget.com/.../marisela-completamente tuya.exe

Remove marisela-completamente tuya.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.