mixiyd.exe

Mixi TB

The application mixiyd.exe has been detected as a potentially unwanted program by 16 of 68 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer, and the file is not signed with an Authenticode signature from a trusted source. Once installed, it displays context-specific advertisements in the browser and attempts to change the browser's search provider. The file has been seen being downloaded from dmrm038s4vkzd.cloudfront.net and multiple other hosts.
Publisher:
Mixi TB

Product:
Mixi TB

Version:
Mixi TB

MD5:
c397194f5961804b5ecbc7ebe4ecf08d

SHA-1:
64b6ed621c082822dd2e25dd2ea2b8c896b74c32

SHA-256:
0b4aad7e13f88d4e963f44925582d63c86d4eab1d9983620bde975d6cca7ad49

Scanner detections:
16 / 68

Status:
Potentially unwanted

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which may be installed with minimal user consent.

Analysis date:
11/4/2024 5:03:21 PM UTC

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.Toolbar.Babylon
7.1.1

Baidu Antivirus
Adware.Win32.Bbylon
4.0.3.14928

Comodo Security
TrojWare.Win32.Agent.oenx
19520

Dr.Web
Adware.Babylon.9
9.0.1.0271

ESET NOD32
Win32/DownWare
8.10420

Fortinet FortiGate
W32/StartPage.BGNH!tr
9/28/2014

IKARUS anti.virus
PUA.VisualTools
t3scan.1.7.8.0

Malwarebytes
Trojan.StartPage
v2014.09.28.11

McAfee
Artemis!C397194F5961
5600.6994

NANO AntiVirus
Trojan.Win32.Babylon.cutyoy
0.28.2.61942

nProtect
Trojan/W32.StartPage.840297
14.09.15.01

Qihoo 360 Security
Win32/Trojan.8cd
1.0.0.1015

Rising Antivirus
PE:Trojan.Win32.Generic.157BA547!360424775
23.00.65.14926

Sophos
Generic PUA GE
4.98

Vba32 AntiVirus
Trojan.StartPage
3.12.26.3

ViRobot
Trojan.Win32.A.StartPage.840297
2011.4.7.4223

File size:
820.6 KB (840,297 bytes)

Copyright:
© Mixi TB

Trademarks:
Mixi TB

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\mixiyd.exe

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:+x9/rgCDUMXJ+za8bYoChSA3XzbVlyz8b9Z:wrgCyLbYPhV3DbEG

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
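The PE metadata above (compilation timestamp, OS version, subsystem, linker version, entry address and entry-point bytes) and the earlier observation that the installer carries no Authenticode signature can all be checked from the file headers without running the sample. The following is an added example written for this page, not code from the page or from the installer's publisher: a standard-library PE32 header parser that reads those fields, reports whether the certificate (Authenticode) data directory is empty, maps the entry RVA through the section table to read the first entry-point bytes, and compares them with the 16-byte prefix the page lists, which is assumed here to be the NSIS 2.x stub prelude (sub esp,0x180 / push ebx,ebp,esi / xor ebx,ebx / push edi / mov [esp+0x18],ebx). Because the real sample is not embedded, the block builds a constructed, unsigned PE in memory that copies the page's values; the three hashes are the page's IOCs and are only compared against, never derived from, that synthetic buffer.

```python
"""Header-only PE triage for an NSIS installer such as mixiyd.exe.

Added example, not code from the page or from the installer's publisher.
Pure standard library: parses the DOS, COFF and optional headers, reads the
certificate (Authenticode) data directory, locates the entry point and
compares it with the NSIS 2.x stub prefix the page shows. A synthetic PE is
built in memory so the example runs offline; its values copy the page's
metadata, but the buffer itself is constructed, not the real sample.
"""
import hashlib
import struct
from datetime import datetime, timezone

# Hashes the page lists for mixiyd.exe (IOCs to compare against, not derived here).
PAGE_HASHES = {
    "md5": "c397194f5961804b5ecbc7ebe4ecf08d",
    "sha1": "64b6ed621c082822dd2e25dd2ea2b8c896b74c32",
    "sha256": "0b4aad7e13f88d4e963f44925582d63c86d4eab1d9983620bde975d6cca7ad49",
}

# First 16 entry-point bytes the page reports (sub esp,0x180 / push ebx,ebp,esi /
# xor ebx,ebx / push edi / mov [esp+0x18],ebx). Assumed here to be the NSIS 2.x stub prefix.
NSIS2_ENTRY_PREFIX = bytes.fromhex("81EC8001000053555633DB57895C2418")

SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # certificate table (Authenticode) data directory


def parse_pe(data: bytes) -> dict:
    """Return the header fields a triage listing reports for a PE32 (32-bit) file."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = pe_off + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                            # optional header follows COFF
    magic, linker_major, linker_minor = struct.unpack_from("<HBB", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 images are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]    # AddressOfEntryPoint
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    n_dirs = struct.unpack_from("<I", data, opt + 92)[0]       # NumberOfRvaAndSizes
    cert_size = 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        _, cert_size = struct.unpack_from("<II", data, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    # Map the entry RVA to a file offset through the section table.
    entry_bytes = b""
    sect = opt + opt_size
    for i in range(nsections):
        _, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, sect + 40 * i)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            off = rawptr + (entry_rva - vaddr)
            entry_bytes = data[off:off + 16]
            break
    return {
        "machine": "Win32" if machine == 0x14C else hex(machine),
        "compiled": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "linker": f"{linker_major}.{linker_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "entry_rva": entry_rva,
        "entry_bytes": entry_bytes.hex().upper(),
        "has_authenticode": cert_size > 0,  # size 0 means no embedded signature at all
        "nsis2_stub": entry_bytes.startswith(NSIS2_ENTRY_PREFIX),
    }


def matching_page_hashes(data: bytes) -> list:
    """Names of the page's hash IOCs that this blob matches (empty for the synthetic PE)."""
    found = {"md5": hashlib.md5(data).hexdigest(), "sha1": hashlib.sha1(data).hexdigest(),
             "sha256": hashlib.sha256(data).hexdigest()}
    return [k for k in PAGE_HASHES if found[k] == PAGE_HASHES[k]]


def build_sample_pe() -> bytes:
    """Constructed, unsigned PE32 carrying the page's metadata values (not the real file)."""
    ts = int(datetime(2009, 12, 5, 23, 50, 52, tzinfo=timezone.utc).timestamp())
    image = bytearray(0x400)                                   # headers padded to file alignment
    image[:2] = b"MZ"
    struct.pack_into("<I", image, 0x3C, 0x80)                  # e_lfanew
    image[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", image, 0x84, 0x14C, 1, ts, 0, 0, 0xE0, 0x0102)
    opt = 0x98
    struct.pack_into("<HBB", image, opt, 0x10B, 6, 0)          # PE32, linker 6.0
    struct.pack_into("<I", image, opt + 4, 0x5E00)             # SizeOfCode 24,064 bytes
    struct.pack_into("<I", image, opt + 16, 0x30FA)            # AddressOfEntryPoint
    struct.pack_into("<III", image, opt + 28, 0x400000, 0x1000, 0x200)  # base, alignments
    struct.pack_into("<HH", image, opt + 40, 4, 0)             # OS version 4.0
    struct.pack_into("<H", image, opt + 68, 2)                 # Windows GUI
    struct.pack_into("<I", image, opt + 92, 16)                # NumberOfRvaAndSizes
    # Certificate table left at VirtualAddress=0, Size=0: no Authenticode signature.
    struct.pack_into("<8sIIII", image, opt + 0xE0, b".text", 0x5E00, 0x1000, 0x5E00, 0x400)
    image.extend(b"\0" * 0x5E00)                               # .text body; entry RVA 0x30FA inside it
    code_off = 0x400 + (0x30FA - 0x1000)
    image[code_off:code_off + len(NSIS2_ENTRY_PREFIX)] = NSIS2_ENTRY_PREFIX
    return bytes(image)


if __name__ == "__main__":
    sample = build_sample_pe()
    for key, value in parse_pe(sample).items():
        print(f"{key:16} {value}")
    print("matches page hashes:", matching_page_hashes(sample) or "none")
```

Run it against a real file with `parse_pe(open(path, "rb").read())`. An empty certificate directory settles only that the file carries no embedded signature; a non-empty one still has to be chain-verified (for example with signtool verify or Get-AuthenticodeSignature) before it says anything about the publisher. The entry-prefix match is a heuristic for the NSIS 2.x stub, not proof of the installer version, and a PE32+ (64-bit) image is rejected rather than parsed at the wrong offsets.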

The file mixiyd.exe has been seen being distributed by the following 2 URLs.

Remove mixiyd.exe - Powered by Reason Core Security