saveas.exe

SN Pro tool

Maxiget Limited

This is part of a bundled installer which provides applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application saveas.exe by Maxiget Limited has been detected as adware by 31 anti-malware scanners. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from mxc.files-download-59.com.
Publisher:
SSPlus  (signed by Maxiget Limited)

Product:
SN Pro tool

Description:
PracticalForce

Version:
4, 0, 37, 0

MD5:
89b69f0d671cbbc28b248500d2bfcd23

SHA-1:
3c507d1ab90f2d47cd35c601eeca2b22a1752dd8

SHA-256:
69cf289cf536aad73c4f09cdfc85173ff882cdc23edb093f12b931ce6b4dc8ee

Scanner detections:
31 / 68

Status:
Adware

Explanation:
This is a modified installer version of the software and bundles additional offers including adware.

Analysis date:
1/13/2025 1:41:35 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.Strictor.72449 | 372 |
| Agnitum Outpost | PUA.4Shared | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Bundler | 2014.12.22 |
| Avira AntiVirus | Adware/Sushi.psb | 7.11.30.172 |
| avast! | Win32:FourShared-S [PUP] | 2014.9-160129 |
| Bitdefender | Gen:Variant.Application.Bundler.Strictor.72449 | 1.0.20.145 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Clam AntiVirus | Win.Trojan.Agent-831951 | 0.98/20565 |
| Comodo Security | Application.Win32.4shared.GSP | 21051 |
| Dr.Web | Adware.Downware.10732, Adware.Downware.9608 | 9.0.1.029 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.540149 | 8.16.01.29.05 |
| ESET NOD32 | Win32/4Shared.AB potentially unwanted application | 10.7.0.302.0 |
| F-Prot | W32/S-e896e9f7 | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Kazy.540149 | 11.2016-29-01_6 |
| G Data | Gen:Variant.Application.Bundler.Strictor.72449 | 16.1.24 |
| IKARUS anti.virus | PUA.4Shared | t3scan.1.8.5.0 |
| K7 AntiVirus | Unwanted-Program | 13.188.14368 |
| Kaspersky | not-a-virus:Downloader.Win32.4Shared | 14.0.0.744 |
| Malwarebytes | PUP.Optional.4Shared | v2016.01.29.05 |
| McAfee | Program.4shared | 5600.6506 |
| MicroWorld eScan | Gen:Variant.Application.Bundler.Strictor.72449 | 17.0.0.87 |
| NANO AntiVirus | Riskware.Win32.Downware.dklsuw | 0.28.6.64267 |
| Norman | Gen:Variant.Kazy.540149 | 11.20160129 |
| Panda Antivirus | Trj/Genetic.gen | 16.01.29.05 |
| Qihoo 360 Security | Malware.QVM20.Gen | 1.0.0.1015 |
| Quick Heal | TrojanFakeAV.Agent.01428 | 1.16.14.00 |
| Reason Heuristics | PUP.New IT Limited.Maxiget (M) | 16.1.29.5 |
| Rising Antivirus | PE:Malware.4Shared!6.1B9C | 23.00.65.16127 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 35418 |
| Zillya! Antivirus | Backdoor.CPEX.Win32.30037 | 2.0.0.2012 |

File size:
42.7 KB (43,696 bytes)

Product version:
4, 0, 37, 0

Copyright:
2014 (c) PPT

Trademarks:
SST LLC.

Original file name:
breaker.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\saveas.exe

Digital Signature
Signed by:

Authority:
Starfield Technologies, Inc.

Valid from:
11/4/2014 5:59:17 PM

Valid to:
8/15/2016 1:41:32 PM

Subject:
CN=Maxiget Limited, O=Maxiget Limited, L=Limassol, S=Cyprus, C=CY

Issuer:
CN=Starfield Secure Certificate Authority - G2, OU=http://certs.starfieldtech.com/repository/, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B6558A31AA7EB

File PE Metadata
Compilation timestamp:
12/11/2014 10:17:20 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
768:txYY1An/cSsTG2lYIr/Ki0nJQUR7BSQD9MI28b2Gz:QY1E8bKimJ3BSQpMIJ

Entry address:
0x3B66

Entry point:
55, 8B, EC, 83, EC, 44, 56, FF, 15, 54, 40, 40, 00, 8B, F0, 8A, 06, 3C, 22, 74, 10, 3C, 20, 7E, 1E, 46, 80, 3E, 20, 7F, FA, EB, 16, 3C, 22, 74, 11, 46, 8A, 06, 84, C0, 75, F5, 3C, 22, 75, 07, EB, 04, 3C, 20, 7F, 07, 46, 8A, 06, 84, C0, 75, F5, 83, 65, E8, 00, 8D, 45, BC, 50, FF, 15, 30, 40, 40, 00, E8, 5B, 00, 00, 00, 68, 04, 60, 40, 00, 68, 00, 60, 40, 00, E8, 32, 00, 00, 00, F6, 45, E8, 01, 59, 59, 74, 06, 0F, B7, 45, EC, EB, 03, 6A, 0A, 58, 50, 56, 6A, 00, 6A, 00, FF, 15, 2C, 40, 40, 00, 50, E8, F8, FC...
 

Entropy:
5.6534

Developed / compiled with:
Microsoft Visual C++

Code size:
11.5 KB (11,776 bytes)

The file saveas.exe has been seen being distributed by the following URL.
