saveas.exe

SystemNode

Luftix Limited

The application saveas.exe by Luftix Limited has been detected as adware by 23 anti-malware scanners. The file has been seen being downloaded from mxc.files-download-41.com.
Publisher:
SwapSystem  (signed by Luftix Limited)

Product:
SystemNode

Description:
SystemComponent

Version:
4, 0, 34, 0

MD5:
0f05dfcfb4f1c84faf0bf4e563ae0388

SHA-1:
dd4064dfbf0b09b842ebe7de63edb2397fcaabe1

SHA-256:
c4168a956fcabf02c7d58fdef89bb1ac0929ca8f077d03d766b64d02a30b9997

Scanner detections:
23 / 68

Status:
Adware

Analysis date:
11/27/2024 10:12:00 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.4Shared | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Bundler | 2015.01.08 |
| Avira AntiVirus | TR/Agent.41392 | 7.11.200.6 |
| AVG | Generic | 2017.0.2835 |
| Bitdefender | Gen:Variant.Strictor.71861 | 1.0.20.220 |
| Clam AntiVirus | Win.Trojan.12295446 | 0.98/21511 |
| Dr.Web | Trojan.DownLoader11.50017 | 9.0.1.044 |
| Emsisoft Anti-Malware | Gen:Variant.Strictor.71861 | 8.16.02.13.01 |
| ESET NOD32 | Win32/4Shared.AE potentially unwanted application | 10.7.0.302.0 |
| F-Prot | W32/S-94f3ad35 | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Strictor.71861 | 11.2016-13-02_7 |
| G Data | Gen:Variant.Strictor.71861 | 16.2.24 |
| IKARUS anti.virus | PUA.4Shared | t3scan.1.8.6.0 |
| K7 AntiVirus | Unwanted-Program | 13.1814571 |
| Kaspersky | not-a-virus:Downloader.Win32.Agent | 14.0.0.670 |
| McAfee | 4shared | 5600.6491 |
| MicroWorld eScan | Gen:Variant.Strictor.71861 | 17.0.0.132 |
| NANO AntiVirus | Trojan.Win32.Badur.djxstg | 0.30.0.64448 |
| Panda Antivirus | Trj/Genetic.gen | 16.02.13.01 |
| Reason Heuristics | PUP.Luftix (M) | 16.2.13.1 |
| Vba32 AntiVirus | Trojan.Badur | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 36340 |
| Zillya! Antivirus | Trojan.Badur.Win32.7508 | 2.0.0.2027 |

File size:
40.4 KB (41,352 bytes)

Product version:
4, 0, 34, 0

Copyright:
2014

Trademarks:
SmallTrade Inc.

Original file name:
0008.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\saveas.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/4/2014 2:00:00 AM

Valid to:
11/23/2015 1:59:59 AM

Subject:
CN=Luftix Limited, O=Luftix Limited, L=Limassol, S=Limassol, C=CY

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
65B46D422549BECB7431517FC687ECB1

File PE Metadata
Compilation timestamp:
12/5/2014 7:56:44 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
768:TLzuQ4rWQBJQUR7BeFUCX2lkD/EW+FvvHI:TSW0J3OUCXDD/E9F3o

Entry address:
0x338E

Entry point:
55, 8B, EC, 83, EC, 44, 56, FF, 15, 54, 40, 40, 00, 8B, F0, 8A, 06, 3C, 22, 74, 10, 3C, 20, 7E, 1E, 46, 80, 3E, 20, 7F, FA, EB, 16, 3C, 22, 74, 11, 46, 8A, 06, 84, C0, 75, F5, 3C, 22, 75, 07, EB, 04, 3C, 20, 7F, 07, 46, 8A, 06, 84, C0, 75, F5, 83, 65, E8, 00, 8D, 45, BC, 50, FF, 15, 30, 40, 40, 00, E8, 5B, 00, 00, 00, 68, 04, 60, 40, 00, 68, 00, 60, 40, 00, E8, 32, 00, 00, 00, F6, 45, E8, 01, 59, 59, 74, 06, 0F, B7, 45, EC, EB, 03, 6A, 0A, 58, 50, 56, 6A, 00, 6A, 00, FF, 15, 2C, 40, 40, 00, 50, E8, 93, FC...
 

Entropy:
5.6898

Developed / compiled with:
Microsoft Visual C++

Code size:
9.5 KB (9,728 bytes)

The file saveas.exe has been seen being distributed by the following URL.
