» mc guime país do futebol part emicida.exe
Overview
Analysis
File Details
Downloads (7)
Network (1)

mc guime país do futebol part emicida.exe

Get your downloads

Maxiget Limited

This is a bundle installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application mc guime país do futebol part emicida.exe by Maxiget Limited has been detected as adware by 10 anti-malware scanners. The program is a setup application that uses the New IT Desktop Setup installer. The file has been seen being downloaded from ds212.maxiget.com and multiple other hosts. While running, it connects to the Internet address hosted-by.leaseweb.com on port 80 using the HTTP protocol.

File name:

Publisher:

Company #1 (signed by Maxiget Limited)

Product:

Get your downloads

Version:

3, 0, 16, 0

MD5:

a439aca20cce96146ccca2b80ee73a26

SHA-1:

77573cf0a349843690e7616b42e318616bbd2d42

SHA-256:

3a35188e629fd21de659a16a3c2bd61fa11df80a3161de7818b9f8fcdcb49391

Scanner detections:

10 / 68

Status:

Adware

Explanation:

This is a modified installer version of the software and bundles additional offers including adware.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

11/26/2024 10:54:22 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

Adware/Delta.H.17

7.11.111.144

ESET NOD32

Win32/Maxiget (variant)

8.9015

herdProtect (fuzzy)

variant of aomtradutor 1.1.exe (Adware)

2014.11.18.12

K7 AntiVirus

Unwanted-Program

13.173.10112

McAfee

Artemis!55B9E1244CA7

5600.7005

Reason Heuristics

PUP.MaxigetLimited.h

14.9.16.15

Sophos

4Share Downloader

4.94

SUPERAntiSpyware

Trojan.Agent/Gen-Downloader

10356

Trend Micro House Call

TROJ_GEN.F47V1030

7.2.259

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h

3.12.24.3

File size:

137 KB (140,304 bytes)

Product version:

3, 0, 16, 0

Trademarks:

TM(c)

File type:

Executable application (Win32 EXE)

Bundler/Installer:

New IT Desktop Setup

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\mc guime país do futebol part emicida.exe

Digital Signature

Signed by:

Maxiget Limited

Authority:

GoDaddy.com, Inc.

Valid from:

8/15/2013 3:41:32 AM

Valid to:

8/15/2016 3:41:32 AM

Subject:

CN=Maxiget Limited, O=Maxiget Limited, L=Limassol, S=Cyprus, C=CY

Issuer:

SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

045BA815265145

File PE Metadata

Compilation timestamp:

10/16/2013 8:12:10 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

3072:TpZFCFqqw38YzQIIIiGee637+rOFHPvw2Eb:vaqqy1RLiGhU2KHwzb

Entry address:

0x9893

Entry point:

E8, 1B, 4E, 00, 00, E9, 78, FE, FF, FF, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41, FE, 8B, 4C, 24... 
[+]

Code size:

73 KB (74,752 bytes)

The file mc guime país do futebol part emicida.exe has been seen being distributed by the following 7 URLs.

http://ds212.maxiget.com/.../Playback Harpa Cristã- 4.exe

http://ds212.maxiget.com/.../103-john_mayer-in_your_atmosphere_(acoustic).exe

http://ds212.maxiget.com/.../Ultimate You.exe

http://ds212.maxiget.com/.../cd matheus e kauan - ao ...sertanejoarrochamp3).exe

http://ds212.maxiget.com/.../vegas.pro.12.-patch.exe

http://ds212.maxiget.com/.../Adriana Calcanhoto - Claudinho e Buchecha.exe

http://ds212.maxiget.com/.../Livro Anatomia Humana BÃ... - Dangelo e Fattini.exe

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to hosted-by.leaseweb.com (95.211.186.171:80)

Remove mc guime país do futebol part emicida.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.