savenet.exe

Anton Melnikov

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application savenet.exe by Anton Melnikov has been detected as adware by 13 anti-malware scanners. The file has been seen being downloaded from saveneto.info.
Publisher:
Anton Melnikov  (signed and verified)

MD5:
bdfcc6faacb92849eba2ac8ee19705f2

SHA-1:
45c23eea58fb00abd408f843eab7ea310f08c683

SHA-256:
6be6f1e589ce78eb23a1110e6b97b8262526b28ad550117511b44aaa61427dcc

Scanner detections:
13 / 68

Status:
Adware

Analysis date:
11/23/2024 5:26:28 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Bkav FE | W32.Clodf96.Trojan | 1.3.0.4959 |
| Comodo Security | ApplicUnwnt | 17921 |
| Dr.Web | Adware.Downware.1521 | 9.0.1.0117 |
| ESET NOD32 | Win32/Adware.MultiPlug (variant) | 8.9535 |
| IKARUS anti.virus | not-a-virus:Downloader.Win32.AdLoad | t3scan.2.2.29 |
| K7 AntiVirus | Unwanted-Program | 13.176.11422 |
| Kaspersky | not-a-virus:Downloader.Win32.AdLoad | 14.0.0.3950 |
| McAfee | Artemis!BDFCC6FAACB9 | 5600.7147 |
| Panda Antivirus | Suspicious file | 14.04.27.11 |
| Reason Heuristics | PUP.AntonMelnikov.H | 14.4.28.10 |
| Sophos | Generic PUA EF | 4.98 |
| Trend Micro House Call | TROJ_GEN.F47V1012 | 7.2.117 |
| VIPRE Antivirus | Trojan.Win32.Generic | 27326 |

File size:
246.9 KB (252,800 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\savenet.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/26/2013 5:00:00 PM

Valid to:
8/27/2014 4:59:59 PM

Subject:
CN=Anton Melnikov, O=Anton Melnikov, STREET=Borshagovskaya 117, L=Kiev, S=Kiev, PostalCode=03058, C=UA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
008EFE75FFE332B06C663189A317121232

File PE Metadata
Compilation timestamp:
9/4/2013 12:05:23 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:hr/fsVreLdKiF4EDsRpNDZqt9urU/3+vCk+2Ph3COLjy+Us+k:NUHiy5RV69nP453rLjyJs+k

Entry address:
0x8F9F

Entry point:
E8, 75, A9, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 70, 69, 42, 00, E8, 3B, 4D, 00, 00, E8, 41, 28, 00, 00, 0F, B7, F0, 6A, 02, E8, 08, A9, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 03, 6E, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
5.7557

Code size:
117 KB (119,808 bytes)

The file savenet.exe has been seen being distributed by the following URL.
