photoplus august 2014 - mr festus.exe

Filegetter

Maxiget Limited

This is part of a bundled installer which provides applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application photoplus august 2014 - mr festus.exe, “Helps file downloading” by Maxiget Limited has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from kph.files-free.net.
Publisher:
Company limited  (signed by Maxiget Limited)

Product:
Filegetter

Description:
Helps file downloading

Version:
3, 3, 40, 0

MD5:
8ee7390574920c3d5a62165f09b81cbb

SHA-1:
7a5f2842dc926170e590e3fceb58024344754825

SHA-256:
1fb7d80ae99434dbc59ad4b6911f46fe0593d793005b0930e054fcfd8821e825

Scanner detections:
1 / 68

Status:
Adware

Explanation:
This is a modified installer version of the software and bundles additional offers including adware.

Analysis date:
11/2/2024 11:21:01 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.New IT Limited.Maxiget (M)
16.1.31.11

File size:
429 KB (439,264 bytes)

Product version:
3, 3, 40, 0

Copyright:
2014

Trademarks:
Company(C)

Original file name:
FilegetterInstrumnet

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\photoplus august 2014 - mr festus.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
6/3/2014 1:41:06 AM

Valid to:
8/14/2016 11:41:32 PM

Subject:
CN=Maxiget Limited, O=Maxiget Limited, L=Limassol, S=Cyprus, C=CY

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
043F9C868704FA

File PE Metadata
Compilation timestamp:
7/3/2014 5:09:23 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:wTfMcpR8Zhdv/8kqcZI7U1K3EbY5m50HfPVTJ16k9xbu4rl:YfMcf851TZI7UQ3EbYg50H3Bf6kJ

Entry address:
0x2B30B

Entry point:
E8, FD, A3, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 14, A1, A8, ED, 44, 00, 33, C5, 89, 45, FC, 53, 56, 33, DB, 57, 8B, F1, 39, 1D, 04, 06, 45, 00, 75, 38, 53, 53, 33, FF, 47, 57, 68, 60, 3E, 44, 00, 68, 00, 01, 00, 00, 53, FF, 15, 50, 11, 44, 00, 85, C0, 74, 08, 89, 3D, 04, 06, 45, 00, EB, 15, FF, 15, CC, 10, 44, 00, 83, F8, 78, 75, 0A, C7, 05, 04, 06, 45, 00, 02, 00, 00, 00, 39, 5D, 14, 7E, 22, 8B, 4D, 14, 8B, 45, 10, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, 45, 14, 2B, C1...
 
[+]

Entropy:
6.8549

Code size:
252.5 KB (258,560 bytes)

The file photoplus august 2014 - mr festus.exe has been seen being distributed by the following URL.

Remove photoplus august 2014 - mr festus.exe - Powered by Reason Core Security