mixcraft_download.exe

The application mixcraft_download.exe has been detected as a potentially unwanted program by 12 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. This particular feature is designed to hijack the browser in an attempt to prevent other resources from modifying the browser's search and home pages. The file has been seen being downloaded from www.appladdin.com and multiple other hosts.

MD5:
296d66c0f6f05c2eeed3beb8de46c595

SHA-1:
860608163a442fbfd6c3517c94d09a55b1beec92

SHA-256:
1497d986067e508ab568e14c290aebcadeef391b03f6fdfe9eaa6995d6e44e22

Scanner detections:
12 / 68

Status:
Potentially unwanted

Analysis date:
12/29/2024 1:06:05 AM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | ASD.Reputation | 2015.06.30
avast! | Win32:Rootkit-gen [Rtk] | 2014.9-150720
Baidu Antivirus | PUA.Win32.DownWare | 4.0.3.15720
Dr.Web | Adware.Downware.7946 | 9.0.1.0201
ESET NOD32 | Win32/DownWare.AB potentially unwanted | 9.11866
K7 AntiVirus | Trojan | 13.205.16407
Kaspersky | not-a-virus:AdWare.Win32.SearchProtect | 14.0.0.1706
McAfee | RDN/Generic PUP.z!ff | 5600.6698
Panda Antivirus | Generic Suspicious | 15.07.20.08
Trend Micro | TROJ_GEN.R021C0OC815 | 10.465.20
Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.4
VIPRE Antivirus | Trojan.Win32.Generic | 41584

File size:
79.9 KB (81,842 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\mixcraft_download.exe

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:2QpQ5EP0ijnRTXJjcPWP78ZbM4wSsuJd5u48n4HuG5u+53hAAaAe:2QIURTXJjcPwgZ9wSsceAO8f5RAA7e

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...

Entropy:
6.7537

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file mixcraft_download.exe has been seen being distributed by the following 2 URLs.
