mixiyd2.exe

Mixi

The application mixiyd2.exe has been detected as a potentially unwanted program by 12 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. Once installed, the bundled software displays context-specific advertisements in the browser and attempts to change the browser's search provider. The file has been seen being downloaded from cdn2.eastwhitecoal.us and multiple other hosts.
Publisher:
Mixi

Product:
Mixi

Version:
Mixi

MD5:
725537d18ef9c12e4f0b91d0168d4750

SHA-1:
b222f7f115880762531c621b8f36d352ab1b2036

SHA-256:
4ce91d32bdddb85d6603492db4d973cc768e62236b9a9180714cfc65d5150d13

Scanner detections:
12 / 68

Status:
Potentially unwanted

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
11/23/2024 10:15:10 AM UTC

Scan engine | Detection | Engine version
Baidu Antivirus | Adware.Win32.Toolbar | 4.0.3.131222
Bkav FE | W32.Clod1d1.Trojan | 1.3.0.4562
Dr.Web | Adware.Babylon.9 | 9.0.1.0356
ESET NOD32 | Win32/Toolbar.Babylon | 7.8993
Fortinet FortiGate | Riskware/Toolbar | 12/22/2013
Kaspersky | not-a-virus:WebToolbar.Win32.Toolbar | 14.0.0.4567
Malwarebytes | (detection name not listed) | v2013.12.22.10
NANO AntiVirus | Trojan.Win32.Babylon.cbibuv | 0.26.0.53954
Reason Heuristics | Unnamed.Threat.15 | 14.3.2.13
Trend Micro House Call | TROJ_GEN.R047H01H613 | 7.2.356
Trend Micro | ADW_ADLOAD | 10.465.22
ViRobot | Adware.Agent.864868 | 2011.4.7.4223

File size:
844.6 KB (864,868 bytes)

Copyright:
© Mixi

Trademarks:
Mixi

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\mixiyd2.exe

File PE Metadata
Compilation timestamp:
12/5/2009 10:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:6Km/rgCDUMXJ+za8bYoChSA3XzbVlyz8b9N+6:argCyLbYPhV3DbE4+6

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
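The metadata above (the three hashes, the NSIS packer, the missing Authenticode signature, the entry address, compile timestamp, linker and OS versions) can be checked locally against a suspect file without a sandbox. The following Python script is an added example, not part of this report or of Reason Core's tooling. It uses only the standard library; it treats a non-empty IMAGE_DIRECTORY_ENTRY_SECURITY as "an Authenticode blob is attached" (presence only, not trust); it detects NSIS by the "NullsoftInst" first-header marker, a heuristic assumed here rather than taken from the page; and it ships with a constructed minimal PE whose header fields mirror the listed values so it runs offline. That constructed sample is not the real file and will not match the listed hashes.

```python
"""Offline triage of a suspect installer against the hashes and PE metadata
listed for mixiyd2.exe.  Added example, stdlib only, no third-party PE library.
The sample PE built below is CONSTRUCTED to mimic the listed metadata; it is
not the real file and will not match the listed hashes."""
import calendar
import hashlib
import struct
import sys
from datetime import datetime, timezone

# Hashes exactly as listed on this page: the only identifiers we can match on.
PAGE_IOCS = {
    "md5": "725537d18ef9c12e4f0b91d0168d4750",
    "sha1": "b222f7f115880762531c621b8f36d352ab1b2036",
    "sha256": "4ce91d32bdddb85d6603492db4d973cc768e62236b9a9180714cfc65d5150d13",
}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
# 0xDEADBEEF + "NullsoftInst": NSIS first-header tag (assumed heuristic, not from the report)
NSIS_MARKER = b"\xef\xbe\xad\xdeNullsoftInst"


def file_hashes(data: bytes) -> dict:
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def matches_page_iocs(hashes: dict) -> bool:
    """True only if every listed hash agrees; one mismatch means a different file."""
    return all(hashes.get(k, "").lower() == v for k, v in PAGE_IOCS.items())


def parse_pe(data: bytes) -> dict:
    """Pull the fields this report shows from the COFF and optional headers."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    _machine, _nsec, timestamp, _, _, _opt_size, _chars = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt = pe_off + 24                                   # optional header follows the 20-byte COFF header
    magic, maj_link, min_link = struct.unpack_from("<HBB", data, opt)
    entry = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint (RVA)
    maj_os, min_os = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    dirs = opt + (96 if magic == 0x10B else 112)        # PE32 vs PE32+ data-directory base
    sec_off, sec_size = struct.unpack_from("<II", data, dirs + 4 * 8)  # IMAGE_DIRECTORY_ENTRY_SECURITY
    return {
        "bitness": "Win32" if magic == 0x10B else "Win64",
        "compiled_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "linker_version": f"{maj_link}.{min_link}",
        "os_version": f"{maj_os}.{min_os}",
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown({subsystem})"),
        "entry_point": entry,
        # Non-empty security directory = a WIN_CERTIFICATE blob is attached.  That is
        # presence only; trust needs chain validation (signtool verify /pa, Get-AuthenticodeSignature).
        "has_authenticode": sec_off != 0 and sec_size != 0,
    }


def is_nsis(data: bytes) -> bool:
    """NSIS 2.x installers carry the 'NullsoftInst' first-header tag in their appended data."""
    return NSIS_MARKER in data


def triage(data: bytes) -> dict:
    hashes = file_hashes(data)
    info = parse_pe(data)
    info.update(hashes=hashes, matches_page=matches_page_iocs(hashes), nsis=is_nsis(data))
    return info


def build_sample_pe() -> bytes:
    """CONSTRUCTED minimal PE32 whose header fields mirror the report above (not the real file)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)              # e_lfanew
    ts = calendar.timegm((2009, 12, 5, 22, 50, 52))     # 12/5/2009 10:50:52 PM, taken as UTC
    coff = struct.pack("<HHIIIHH", 0x14C, 0, ts, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<HBB", opt, 0, 0x10B, 6, 0)      # PE32 magic, linker 6.0
    struct.pack_into("<I", opt, 16, 0x30FA)             # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)           # ImageBase
    struct.pack_into("<HH", opt, 40, 4, 0)              # OS version 4.0
    struct.pack_into("<H", opt, 68, 2)                  # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<I", opt, 92, 16)                 # NumberOfRvaAndSizes; security dir stays zero
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + b"\0" * 64 + NSIS_MARKER + b"\0" * 32


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for k, v in triage(blob).items():
        print(f"{k:>16}: {v:#x}" if k == "entry_point" else f"{k:>16}: {v}")
```

Run it with the path of a quarantined copy to see whether the hashes match the record; with no argument it prints the constructed sample. Two caveats the report's fields invite: `has_authenticode` only says a certificate blob is present, and an unsigned file is what this report describes, so a signed copy with the same hashes is impossible and a signed copy with different hashes is a different file; and the compile timestamp of an NSIS-built installer typically reflects when the NSIS stub was built, not when this particular package was assembled, so it should not be read as the campaign date. The ssdeep hash shown above is omitted because computing it needs the ssdeep library rather than the standard library.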

The file mixiyd2.exe has been seen being distributed by the following 2 URLs.

Remove mixiyd2.exe - Powered by Reason Core Security