tai.chi.zero.2012.bluray.720p.x264.ganool.exe

Filegetter

Maxiget Limited

This file is part of a bundled installer that presents offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application tai.chi.zero.2012.bluray.720p.x264.ganool.exe, “Helps file downloading” by Maxiget Limited, has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The file has been seen being downloaded from uni.files-fast.net.
Publisher:
Company limited  (signed by Maxiget Limited)

Product:
Filegetter

Description:
Helps file downloading

Version:
3, 3, 40, 0

MD5:
0abc01eb5e0fdd6ff1b612f48378c93b

SHA-1:
c3a3cba115735de3d9c3191483b215288ab123f5

SHA-256:
d9c0d8842cb297bc08bbb85bb35916afb9b478dd8946353cc20aa0f56b44e824

Scanner detections:
1 / 68

Status:
Adware

Explanation:
This is a modified installer version of the software and bundles additional offers including adware.

Analysis date:
11/30/2024 10:42:49 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.New IT Limited.Maxiget (M)

Engine version:
16.4.7.22

File size:
366.6 KB (375,416 bytes)

Product version:
3, 3, 40, 0

Copyright:
2014

Trademarks:
Company(C)

Original file name:
FilegetterInstrumnet

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\tai.chi.zero.2012.bluray.720p.x264.ganool.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
6/3/2014 4:41:06 PM

Valid to:
8/15/2016 2:41:32 PM

Subject:
CN=Maxiget Limited, O=Maxiget Limited, L=Limassol, S=Cyprus, C=CY

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
043F9C868704FA

File PE Metadata
Compilation timestamp:
7/3/2014 8:08:55 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:sxU3NhIzxqoJgP+Qk264fSOtaRTIjWv4pJSEB9uADIBtqbgG:SU3NhWqiQkX4KOtatIjJpcY99D3v

Entry address:
0x27612

Entry point:
E8, 95, 91, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 14, A1, E8, 7B, 44, 00, 33, C5, 89, 45, FC, 53, 56, 33, DB, 57, 8B, F1, 39, 1D, 5C, 92, 44, 00, 75, 38, 53, 53, 33, FF, 47, 57, 68, 1C, D3, 43, 00, 68, 00, 01, 00, 00, 53, FF, 15, 5C, B1, 43, 00, 85, C0, 74, 08, 89, 3D, 5C, 92, 44, 00, EB, 15, FF, 15, B0, B0, 43, 00, 83, F8, 78, 75, 0A, C7, 05, 5C, 92, 44, 00, 02, 00, 00, 00, 39, 5D, 14, 7E, 22, 8B, 4D, 14, 8B, 45, 10, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, 45, 14, 2B, C1...
 

Entropy:
6.7180

Code size:
231 KB (236,544 bytes)

The file tai.chi.zero.2012.bluray.720p.x264.ganool.exe has been seen being distributed by the following URL.