xpadder-windows-downloader.exe

Malavida Network International, S.L.

The application xpadder-windows-downloader.exe by Malavida Network International, S.L has been detected as adware by 8 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This will display context specific advertisements in the browser as well as attempt to modify the browser's search provider. The file has been seen being downloaded from dl1332a73.mvmfd.net and multiple other hosts.
Publisher:
Malavida Network International, S.L.  (signed and verified)

MD5:
0ce7226d7b652d5ec109e00bee618978

SHA-1:
ba16527d0fbe7700bcf36337f2cf95fce5dc9875

SHA-256:
edeb9606903eaad5c55fe0b89df6f8f86302a7ff2e6f38da74304b2aa35e4cfc

Scanner detections:
8 / 68

Status:
Adware

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
11/23/2024 7:35:23 PM UTC  (today)

Scan engine
Detection
Engine version

AVG
Toolbar.Babylon
2015.0.3449

Dr.Web
Adware.Downware.1448
9.0.1.0160

ESET NOD32
Win32/Malavida
8.8887

McAfee
Artemis!0CE7226D7B65
5600.7105

Reason Heuristics
PUP.MalavidaNetworkInternationalSL.AA
14.8.7.21

Sophos
Malavida
4.93

Trend Micro House Call
TROJ_GEN.F47V0410
7.2.160

VIPRE Antivirus
Malavida
22176

File size:
158.1 KB (161,872 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\xpadder-windows-downloader.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/26/2013 5:00:00 PM

Valid to:
3/27/2014 4:59:59 PM

Subject:
CN="Malavida Network International, S.L.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Malavida Network International, S.L.", L=Valencia, S=Valencia, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0DC341780137340F059956E88184360E

File PE Metadata
Compilation timestamp:
12/5/2009 3:50:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:yLk395hYXJsNP+Ye2D/3eOjy4mMirHYZfLUwA7JEDe9WDXndYO6:yQqO+Z2bdjtmMyHYZowAQe0dK

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.6311

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file xpadder-windows-downloader.exe has been seen being distributed by the following 4 URLs.

http://dl1332a73.mvmfd.net/en/.../visual-basic-6-sp6-windows-downloader.exe

http://dl1332ac7.mvmfd.net/en/.../microsoft-access-windows-downloader.exe

Remove xpadder-windows-downloader.exe - Powered by Reason Core Security