หยดน้ำที่เคลื่อนไหว เคล...v]-[www_flv2mp3_com].exe

Get your downloads

Maxiget Limited

This file is part of a bundled installer that wraps the requested application with offers for additional third-party software, mostly unwanted adware, which may be installed with minimal user consent. The application หยดน้ำที่เคลื่อนไหว เคล...v]-[www_flv2mp3_com].exe by Maxiget Limited is detected as adware by 14 of 68 anti-malware scanners. The file has been seen being downloaded from ds212.maxiget.com and multiple other hosts.
Publisher:
Company #1 (signed by Maxiget Limited)

Product:
Get your downloads

Version:
3, 1, 28, 0

MD5:
001e2efd540140cb4bea2c1ff97464e3

SHA-1:
082c49505c0709584f08d94c88eda4130af01b4f

SHA-256:
0fc6e6939c2cf4fd526c9b87d28f7d4f53d47c29afa7a8d10e8023be865e7dc3

Scanner detections:
14 / 68

Status:
Adware

Explanation:
This is a modified installer version of the software and bundles additional offers including adware.

Analysis date:
4/26/2024 6:47:09 AM UTC

Scan engine             Detection                          Engine version
Agnitum Outpost         PUA.4Shared                        7.1.1
AhnLab V3 Security      PUP/Win32.Downloader               2015.01.29
AVG                     Generic                            2016.0.2971
Baidu Antivirus         Adware.Win32.4Shared               4.0.3.15930
Comodo Security         Application.Win32.Graftor.KLK      20884
ESET NOD32              Win32/4Shared (variant)            9.11090
K7 AntiVirus            Trojan                             13.193.14791
Malwarebytes            PUP.Optional.4Shared               v2015.09.30.05
McAfee                  Artemis!001E2EFD5401               5600.6627
NANO AntiVirus          Riskware.Win32.MLW.dbwwpx          0.30.0.65070
Reason Heuristics       PUP.New IT Limited.Maxiget (M)     15.9.30.5
Sophos                  4Share Downloader                  4.98
Trend Micro House Call  Suspicious_GEN.F47V0117            7.2.273
VIPRE Antivirus         Adware.Win32.4Shared.a             37064

File size:
311.9 KB (319,400 bytes)

Product version:
3, 1, 28, 0

Copyright:
Copyright (C) 2013

Trademarks:
TM(c)

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\หยดน้ำที่เคลื่อนไหว เคล...v]-[www_flv2mp3_com].exe

Digital Signature
Signed by:
Maxiget Limited
Authority:
GoDaddy.com, Inc.

Valid from:
8/15/2013 1:41:32 PM

Valid to:
8/15/2016 1:41:32 PM

Subject:
CN=Maxiget Limited, O=Maxiget Limited, L=Limassol, S=Cyprus, C=CY

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
045BA815265145

File PE Metadata
Compilation timestamp:
1/17/2014 10:47:51 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:q89fYKACMR9bQGArMaOo5FfYN+dc4CcGo+olLlTBiZ4jcXE3+4+zvFHPvXu:nf9/rMalCcp/kZVES5H+

Entry address:
0x25E61

Entry point:
E8, 5C, 89, 00, 00, E9, 78, FE, FF, FF, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41, FE, 8B...
 
Entropy:
6.3668

Code size:
224 KB (229,376 bytes)
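As an added example (not code from this page, nor from Maxiget Limited), the following stdlib-only Python script recomputes the triage fields of a record like this one for a local sample: MD5/SHA-1/SHA-256, Shannon entropy, the PE compilation timestamp, linker and OS versions, subsystem, SizeOfCode, the entry-point RVA and the first bytes at the entry point, and compares the hashes against the values listed above. The `build_sample()` helper is an assumption for offline use: it constructs a minimal PE whose header fields are set to the values in this record, but it is not the real file, its body is zero padding, and its hashes will not match the record. Two caveats the script comments repeat: the compilation timestamp and the version-info strings are written by the build tooling and can be set to anything by the publisher, and a valid Authenticode signature only identifies who signed the file, not whether it is benign.

```python
"""Recompute the triage fields of an adware record (hashes, entropy, PE header
values, entry-point bytes) for a local file, using only the standard library."""
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone

# Hashes copied from the record above; the comparison target for a local sample.
RECORD = {
    "md5": "001e2efd540140cb4bea2c1ff97464e3",
    "sha1": "082c49505c0709584f08d94c88eda4130af01b4f",
    "sha256": "0fc6e6939c2cf4fd526c9b87d28f7d4f53d47c29afa7a8d10e8023be865e7dc3",
}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def hashes(data: bytes) -> dict:
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0 = constant, 8 = uniform; packed/encrypted files sit near 8)."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def rva_to_offset(rva: int, sections: list):
    """Map a virtual address to a file offset through the section table."""
    for vsize, vaddr, rawsize, rawptr in sections:
        if vaddr <= rva < vaddr + max(vsize, rawsize):
            return rva - vaddr + rawptr
    return None


def pe_metadata(data: bytes) -> dict:
    """Parse the COFF header and PE32 optional header by hand (no pefile dependency)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20  # optional header follows the 20-byte COFF header
    _magic, lmaj, lmin = struct.unpack_from("<HBB", data, opt)
    size_of_code = struct.unpack_from("<I", data, opt + 4)[0]
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    os_maj, os_min = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sec_table = opt + opt_size
    # Per section: VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData (after the 8-byte name)
    sections = [struct.unpack_from("<IIII", data, sec_table + 40 * i + 8) for i in range(nsec)]
    off = rva_to_offset(entry_rva, sections)
    return {
        "machine": hex(machine),
        # TimeDateStamp is written by the linker and trivially forgeable; treat it as a hint only.
        "compile_time": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "linker_version": f"{lmaj}.{lmin}",
        "os_version": f"{os_maj}.{os_min}",
        "subsystem": SUBSYSTEMS.get(subsystem, hex(subsystem)),
        "size_of_code": size_of_code,
        "entry_rva": f"0x{entry_rva:X}",
        "entry_bytes": data[off:off + 16].hex() if off is not None else None,
    }


def triage(data: bytes) -> dict:
    fields = hashes(data)
    fields["size"] = len(data)
    fields["entropy"] = round(entropy(data), 4)
    fields.update(pe_metadata(data))
    # A hash match is the only field here that ties a local file to the record above.
    fields["matches_record"] = {k: fields[k] == v for k, v in RECORD.items()}
    return fields


def build_sample() -> bytes:
    """Constructed minimal PE32 for offline testing; NOT the real sample.
    Header values are copied from the record above, the body is zero padding."""
    img = bytearray(0x1200)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)  # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", img, 0x44, 0x014C, 1, 1389998871, 0, 0, 0xE0, 0x0102)
    opt = 0x58
    struct.pack_into("<HBB", img, opt, 0x10B, 9, 0)  # PE32 magic, linker 9.0
    struct.pack_into("<I", img, opt + 4, 229376)     # SizeOfCode
    struct.pack_into("<I", img, opt + 16, 0x25E61)   # AddressOfEntryPoint
    struct.pack_into("<HH", img, opt + 40, 5, 0)     # OS version 5.0
    struct.pack_into("<H", img, opt + 68, 2)         # Subsystem: Windows GUI
    sec = opt + 0xE0
    img[sec:sec + 8] = b".text\0\0\0"
    struct.pack_into("<IIII", img, sec + 8, 0x1000, 0x25000, 0x1000, 0x200)
    entry_off = 0x25E61 - 0x25000 + 0x200  # first bytes at the entry point, as listed in the record
    img[entry_off:entry_off + 16] = bytes.fromhex("E85C890000E978FEFFFFCCCCCCCCCC8B")
    return bytes(img)


if __name__ == "__main__":
    import json
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    print(json.dumps(triage(blob), indent=2))
```

Run it as `python triage.py path\to\sample.exe` to get the same fields this record lists; with no argument it runs against the constructed sample. The 64-bit (PE32+) optional header has a different layout after the magic, so `pe_metadata` as written is for Win32 files like this one.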

The file หยดน้ำที่เคลื่อนไหว เคล...v]-[www_flv2mp3_com].exe has been seen being distributed by the following 9 URLs.

http://ds212.maxiget.com/.../03_?????????(???).exe