the collapse of the third... 1940,.exe

Asper

Maxiget Limited

This file is part of a bundled installer that wraps applications with offers for additional third-party software, mostly unwanted adware, and that may be installed with minimal consent. The application the collapse of the third... 1940,.exe by Maxiget Limited has been detected as adware by 17 anti-malware scanners. The file has been seen being downloaded from files-download-59.com.
Publisher:
C Vital  (signed by Maxiget Limited)

Product:
Asper

Description:
LeaveLoadLoud

Version:
4, 10, 27, 0

MD5:
e59d9f26fbdc53c8fa5fcd5622bf841e

SHA-1:
0f3dda7cd8574144dbdb1cb66018ff3855fd4cf4

SHA-256:
78a500aef0d74c886005e3d79f74ef3975f90c9172f8ca4f5634824317fb01c6

Scanner detections:
17 / 68

Status:
Adware

Explanation:
This is a modified installer version of the software and bundles additional offers including adware.

Analysis date:
11/23/2024 2:42:53 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.4Shared | 7.1.1 |
| avast! | Win32:PUP-gen [PUP] | 2014.9-150504 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Comodo Security | Application.Win32.4shared.GSP | 21995 |
| Dr.Web | Adware.Downware.10748, Adware.Downware.10005 | 9.0.1.0124 |
| ESET NOD32 | Win32/4Shared.AL potentially unwanted application | 9.7.0.302.0 |
| G Data | Win32.Application.4shared | 15.5.25 |
| herdProtect (fuzzy) | | 2015.8.2.9 |
| K7 AntiVirus | Trojan | 13.203.15794 |
| McAfee | Program.4shared | 5600.6776 |
| NANO AntiVirus | Riskware.Win32.Downware.dpedyt | 0.30.24.1357 |
| Panda Antivirus | Trj/Genetic.gen | 15.05.04.11 |
| Reason Heuristics | Threat.New IT Limited.Maxiget | 15.5.4.7 |
| Sophos | PUA 'Downloader' | 5.13 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 39676 |
| Zillya! Antivirus | Backdoor.CPEX.Win32.30446 | 2.0.0.2166 |

File size:
57.1 KB (58,432 bytes)

Product version:
4, 10, 27, 0

Copyright:
Conical (c)

Trademarks:
TM2-15

Original file name:
lltmoping.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\the collapse of the third... 1940,.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
12/11/2014 2:36:00 PM

Valid to:
8/15/2016 8:41:32 AM

Subject:
CN=Maxiget Limited, O=Maxiget Limited, L=Limassol, S=Cyprus, C=CY

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B83CBF523FA3B

File PE Metadata
Compilation timestamp:
3/3/2015 6:42:48 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
768:a9ZhcTYS3uUWXhdfLLCsOeMMhZVEJAUCu/7GBEgml6G:ibauU8hNWsfEJku//vF

Entry address:
0x5187

Entry point:
55, 8B, EC, 83, EC, 44, 56, FF, 15, 54, 60, 40, 00, 8B, F0, 8A, 06, 3C, 22, 74, 10, 3C, 20, 7E, 1E, 46, 80, 3E, 20, 7F, FA, EB, 16, 3C, 22, 74, 11, 46, 8A, 06, 84, C0, 75, F5, 3C, 22, 75, 07, EB, 04, 3C, 20, 7F, 07, 46, 8A, 06, 84, C0, 75, F5, 83, 65, E8, 00, 8D, 45, BC, 50, FF, 15, 30, 60, 40, 00, E8, 5B, 00, 00, 00, 68, 04, 80, 40, 00, 68, 00, 80, 40, 00, E8, 32, 00, 00, 00, F6, 45, E8, 01, 59, 59, 74, 06, 0F, B7, 45, EC, EB, 03, 6A, 0A, 58, 50, 56, 6A, 00, 6A, 00, FF, 15, 2C, 60, 40, 00, 50, E8, B7, FC...
 

Entropy:
5.3922

Developed / compiled with:
Microsoft Visual C++

Code size:
17 KB (17,408 bytes)

The file the collapse of the third... 1940,.exe has been seen being distributed by the following URL.
