saveas.exe

SuperCharging

Maxiget Limited

This is part of a bundled installer which provides applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application saveas.exe by Maxiget Limited has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from ds133.downloadget.net.
Publisher:
SPC LLC  (signed by Maxiget Limited)

Product:
SuperCharging

Description:
DWD

Version:
3, 3, 22, 0

MD5:
1b05a529bfabd3746c2dd26a0b5aee1d

SHA-1:
f9423d3da5ef0b9ada363a46c7fd13978e737e2b

SHA-256:
8677571e378ff265f64e8119fbeba842472b267251556a19bb62d3520202dc0f

Scanner detections:
1 / 68

Status:
Adware

Explanation:
This is a modified installer version of the software and bundles additional offers including adware.

Analysis date:
12/26/2024 12:43:30 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.New IT Limited.Maxiget (M)
16.2.13.22

File size:
436.2 KB (446,688 bytes)

Product version:
3, 3, 22, 0

Copyright:
2013

Trademarks:
-

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\saveas.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
11/11/2013 6:00:00 PM

Valid to:
11/12/2014 5:59:59 PM

Subject:
CN=Maxiget Limited, O=Maxiget Limited, STREET="Arch. Makariou III, 135", STREET="Emelle Building, 4th floor", L=Limassol, S=Limassol, PostalCode=3021, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00FBB004FE732F9C48D07FE66424856186

File PE Metadata
Compilation timestamp:
5/15/2014 7:12:41 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:Ehv9K8SSeot00WQGwthtoWExghexAJwV8J0n9xc5Vz2KEbII9ff2DTI:av9KSXWxitnExghexLG4ELz2KFIeI

Entry address:
0x2A0AC

Entry point:
E8, FB, A3, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 14, A1, 58, CD, 44, 00, 33, C5, 89, 45, FC, 53, 56, 33, DB, 57, 8B, F1, 39, 1D, A4, E5, 44, 00, 75, 38, 53, 53, 33, FF, 47, 57, 68, 5C, 1D, 44, 00, 68, 00, 01, 00, 00, 53, FF, 15, 58, F1, 43, 00, 85, C0, 74, 08, 89, 3D, A4, E5, 44, 00, EB, 15, FF, 15, C4, F0, 43, 00, 83, F8, 78, 75, 0A, C7, 05, A4, E5, 44, 00, 02, 00, 00, 00, 39, 5D, 14, 7E, 22, 8B, 4D, 14, 8B, 45, 10, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, 45, 14, 2B, C1...
 
[+]

Entropy:
6.9162

Code size:
248 KB (253,952 bytes)

The file saveas.exe has been seen being distributed by the following URL.

Remove saveas.exe - Powered by Reason Core Security