mixiyd4.exe

Mix

The application mixiyd4.exe has been detected as a potentially unwanted program by 9 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. Once run, it displays context-specific advertisements in the browser and attempts to modify the browser's search provider. The file has been seen being downloaded from cdn.file2desktop.com.
Publisher:
Mix

Product:
Mix

Version:
1.0

MD5:
5cb31c0bb00c6c6dc4dbfb13a311a777

SHA-1:
36daa74bcae8df792b54dbc5d2964a6ddf5028e2

SHA-256:
0e09dcab2c92471604426f3ccddaf448af87d2f9766f80a1e91234466d3cc37d

Scanner detections:
9 / 68

Status:
Potentially unwanted

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
11/23/2024 9:33:08 AM UTC

Scan engine: Detection (Engine version)

Agnitum Outpost: Trojan.Agent (7.1.1)
Dr.Web: Adware.Babylon.10 (9.0.1.037)
ESET NOD32: Win32/Toolbar.Babylon (variant) (8.9280)
Fortinet FortiGate: Riskware/Toolbar (2/6/2014)
K7 AntiVirus: Adware (13.175.10814)
Kaspersky: not-a-virus:WebToolbar.Win32.Toolbar (14.0.0.4353)
Malwarebytes: PUP.Optional.MixiToolBar.A (v2014.02.06.09)
NANO AntiVirus: Trojan.Win32.Babylon.cezitv (0.28.0.57029)
Trend Micro House Call: TROJ_GEN.F47V0904 (7.2.37)

File size:
842.3 KB (862,556 bytes)

Copyright:
© Mix

Trademarks:
Mix

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\mixiyd4.exe

File PE Metadata
Compilation timestamp:
12/6/2009 6:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:OhnjMCFUsXb+Ha8bCoSDyA3zzj9lyzwfZT/Bg+B:UjMC6LbCnD13vj8T+B

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.9784

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file mixiyd4.exe has been seen being distributed by the following URL.

Remove mixiyd4.exe - Powered by Reason Core Security