microsoft_toolkit_final_157tj.exe

SAAS-MIKRO LTD

This is a bundle installer: it packages an application together with offers for additional third-party software, mostly unwanted adware, which may be installed with minimal consent. The application microsoft_toolkit_final_157tj.exe by SAAS-MIKRO has been detected as adware by 17 anti-malware scanners. The program is a setup application that uses the Winner Download Manager installer. The file has been seen being downloaded from 64174.get-wn.net.
Publisher:
SAAS-MIKRO LTD (signed and verified)

Description:
installer.exe

Version:
2.2.3.9

MD5:
062645f11862d404fa012314e5cda23b

SHA-1:
868d4395c250dfe53cdd776d01c0dea57b5ba07c

SHA-256:
80d30a69c0bc7bafaff29f587ee9cd06636d86112418ae5c90e75d5d3b6cd946

Scanner detections:
17 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open-source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/26/2024 1:03:50 AM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Kazy.503521
716

Agnitum Outpost
Riskware.Agent
7.1.1

AVG
Generic
2015.0.3283

Bitdefender
Gen:Variant.Application.Kazy.503521
1.0.20.245

Clam AntiVirus
Win.Trojan.Agent-835218
0.98/21511

Dr.Web
Trojan.Packed.29383
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Application.Kazy.503521
8.15.02.18.05

ESET NOD32
Win32/bmMedia.FB potentially unwanted application
7.0.302.0

F-Prot
W32/S-5b9b29fa
v6.4.7.1.166

F-Secure
Riskware.Gen:Variant.Application.Kazy
11.2015-18-02_4

G Data
Gen:Variant.Application.Kazy.503521
15.2.25

MicroWorld eScan
Gen:Variant.Application.Kazy.503521
16.0.0.147

NANO AntiVirus
Trojan.Win32.Agent.djppdx
0.30.0.65070

Panda Antivirus
Trj/Genetic.gen
15.02.18.05

Reason Heuristics
PUP.Installer.SAASMIKRO.DD
14.11.29.20

VIPRE Antivirus
Threat.4150696
36694

Zillya! Antivirus
Downloader.Agent.Win32.230707
2.0.0.2055

File size:
2.4 MB (2,494,464 bytes)

Product version:
2.1.487.487

Copyright:
Copyright 2015 Digital Sasa Distribute Software. Alle rettigheder forbeholdt.(2711)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Winner Download Manager

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\microsoft_toolkit_final_157tj.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
10/22/2014 2:00:00 AM

Valid to:
10/23/2015 1:59:59 AM

Subject:
CN=SAAS-MIKRO LTD, O=SAAS-MIKRO LTD, STREET="Nikitinskaya 55, 28", L=Samara, S=Oblast' Samarskaya, PostalCode=443041, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00EDC9512E69A8E16CBF42BCB4FD3FD1CD

File PE Metadata
Compilation timestamp:
11/21/2014 5:59:56 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:NZjGXIpe9YM5nNcl0LnaWSqEjOogoVnlSdboe0YcHrkFfmnth2INXF9ou1XOYwQ3:7GIE9N5ySaPVnA1VRmvBFWC5w0G9Rk1Z

Entry address:
0x1B71F

Entry point:
55, 89, E5, 83, EC, 6C, 68, D1, 1F, 41, 00, E8, F1, 6D, 01, 00, 6A, FF, 51, 8D, 4D, D8, 51, 8A, 4C, 24, 13, E8, CE, 01, FF, FF, FF, 35, C8, F1, 43, 00, 8B, F0, 33, DB, 8B, 45, EC, 88, 48, 24, 8B, 4D, 0C, 56, FF, 35, 50, F0, 43, 00, E8, B8, 02, FF, FF, FF, 35, AC, F1, 43, 00, E8, A2, E3, FE, FF, 8A, 8D, 1B, FF, FF, FF, 83, C4, 10, 89, 04, 1E, FE, C1, C6, 45, FF, 00, C7, 45, F4, 80, F2, 43, 00, EB, DA, 89, 75, BC, 85, F6, FF, D1, 85, F6, 0F, 85, E2, FF, FF, FF, 8D, 8D, 40, FE, FF, FF, 8B, C1, 23, C6, 50, FF...

Entropy:
5.2377

Code size:
240 KB (245,760 bytes)

The file microsoft_toolkit_final_157tj.exe has been seen being distributed by the following URL.

Remove microsoft_toolkit_final_157tj.exe - Powered by Reason Core Security