mixiyd4.exe

Mix

The application mixiyd4.exe has been detected as a potentially unwanted program by 9 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. This will display context specific advertisements in the browser as well as attempt to modify the browser's search provider. The file has been seen being downloaded from cdn.file2desktop.com.
Publisher:
Mix

Product:
Mix

Version:
1.0

MD5:
5cb31c0bb00c6c6dc4dbfb13a311a777

SHA-1:
36daa74bcae8df792b54dbc5d2964a6ddf5028e2

SHA-256:
0e09dcab2c92471604426f3ccddaf448af87d2f9766f80a1e91234466d3cc37d

Scanner detections:
9 / 68

Status:
Potentially unwanted

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
12/24/2024 3:32:42 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Trojan.Agent
7.1.1

Dr.Web
Adware.Babylon.10
9.0.1.037

ESET NOD32
Win32/Toolbar.Babylon (variant)
8.9280

Fortinet FortiGate
Riskware/Toolbar
2/6/2014

K7 AntiVirus
Adware
13.175.10814

Kaspersky
not-a-virus:WebToolbar.Win32.Toolbar
14.0.0.4353

Malwarebytes
PUP.Optional.MixiToolBar.A
v2014.02.06.09

NANO AntiVirus
Trojan.Win32.Babylon.cezitv
0.28.0.57029

Trend Micro House Call
TROJ_GEN.F47V0904
7.2.37

File size:
842.3 KB (862,556 bytes)

Copyright:
© Mix

Trademarks:
Mix

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\mixiyd4.exe

File PE Metadata
Compilation timestamp:
12/6/2009 6:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:OhnjMCFUsXb+Ha8bCoSDyA3zzj9lyzwfZT/Bg+B:UjMC6LbCnD13vj8T+B

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9784

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file mixiyd4.exe has been seen being distributed by the following URL.

Remove mixiyd4.exe - Powered by Reason Core Security