00000000

SystemNode

Maxiget Limited

This is part of a bundled installer which provides applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The file 00000000 by Maxiget Limited has been detected as adware by 33 anti-malware scanners.
Publisher:
SwapSystem (signed by Maxiget Limited)

Product:
SystemNode

Description:
SystemComponent

Version:
4, 0, 27, 0

MD5:
98732865b0b7e91b46b41868a3329c0b

SHA-1:
03dc06766cac608dc4b2364ab343c71aebf151d9

SHA-256:
0efe269e9f6f5d915dbbff82d3a9789fa61d49e8331b2334b87a03e7a3010e36

Scanner detections:
33 / 68

Status:
Adware

Explanation:
This is a modified installer version of the software and bundles additional offers including adware.

Analysis date:
4/20/2024 1:26:31 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Application.Symmi.49456 | 354 |
| Agnitum Outpost | PUA.4Shared | 7.1.1 |
| AhnLab V3 Security | Win-Trojan/Malpacked3.Gen | 2014.11.23 |
| Avira AntiVirus | APPL/Downloader.Gen4 | 7.11.188.58 |
| AVG | Generic | 2017.0.2832 |
| Baidu Antivirus | Adware.Win32.4Shared | 4.0.3.16215 |
| Bitdefender | Gen:Variant.Graftor.163677 | 1.0.20.230 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Clam AntiVirus | Win.Trojan.4shared-32 | 0.98/19940 |
| Comodo Security | Application.Win32.4Shared.FG | 20166 |
| Dr.Web | Adware.Downware.9208 | 9.0.1.046 |
| Emsisoft Anti-Malware | Gen:Variant.Application.Symmi.49456 | 8.16.02.15.07 |
| ESET NOD32 | Win32/4Shared.AE potentially unwanted application | 10.7.0.302.0 |
| F-Prot | W32/A-63d5a2cf | v6.4.7.1.166 |
| F-Secure | Riskware.Gen:Variant.Application.Symmi | 11.2016-15-02_2 |
| G Data | Win32.Application.4Shared | 16.2.24 |
| IKARUS anti.virus | PUA.4Shared | t3scan.1.8.3.0 |
| K7 AntiVirus | Unwanted-Program | 13.185.14098 |
| Kaspersky | Trojan-Dropper.Win32.Agent | 14.0.0.656 |
| Malwarebytes | Adware.Agent | v2016.02.15.07 |
| McAfee | Program.4shared | 5600.6488 |
| MicroWorld eScan | Gen:Variant.Graftor.163677 | 17.0.0.138 |
| NANO AntiVirus | Riskware.Win32.ArchSMS.dipmvj | 0.28.6.62995 |
| Norman | Trojan.Generic.12366158 | 11.20160215 |
| nProtect | Trojan.Generic.12366158 | 14.12.22.01 |
| Panda Antivirus | Trj/Genetic.gen | 16.02.15.07 |
| Reason Heuristics | PUP.New IT Limited.Maxiget (M) | 16.2.15.19 |
| Rising Antivirus | PE:Trojan.Win32.badur.a!1075355892 | 23.00.65.16213 |
| Sophos | 4Share Downloader | 4.98 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 34232 |
| ViRobot | Worm.Win32.P2P-Palevo.B.Gen | 2011.4.7.4223 |
| Zillya! Antivirus | Adware.Agent.Win32.22206 | 2.0.0.1992 |

File size:
43.9 KB (44,992 bytes)

Product version:
4, 0, 27, 0

Copyright:
2014

Trademarks:
SmallTrade Inc.

Original file name:
0008.exe

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\google\chrome\user data\default\file system\005\t\00\00000000

Digital Signature
Signed by:

Authority:
Starfield Technologies, Inc.

Valid from:
11/4/2014 6:59:17 PM

Valid to:
8/15/2016 2:41:32 PM

Subject:
CN=Maxiget Limited, O=Maxiget Limited, L=Limassol, S=Cyprus, C=CY

Issuer:
CN=Starfield Secure Certificate Authority - G2, OU=http://certs.starfieldtech.com/repository/, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B6558A31AA7EB

File PE Metadata
Compilation timestamp:
11/13/2014 3:15:22 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
384:r3FLzKXqF8emdriRDdyQm7hq18ha50qXUlfzAQ3myyqAV10gOCooqDG8pplDMDbW:rVL0BL7m/0qXURMayjyptHVOpZdFRS

Entry address:
0x2F16

Entry point:
55, 8B, EC, 83, EC, 10, 53, 56, 57, 8D, 45, F0, 50, C7, 45, F0, 08, 00, 00, 00, C7, 45, F4, 20, 00, 00, 00, FF, 15, 00, 40, 40, 00, 68, 28, 0A, 00, 00, BE, B8, A4, BB, 00, 56, 33, DB, 53, FF, 15, 98, 40, 40, 00, 53, 68, 80, 00, 00, 00, 6A, 03, 53, 6A, 01, 68, 00, 00, 00, 80, 56, FF, 15, 90, 40, 40, 00, 8B, F0, 83, FE, FF, 0F, 84, 0A, 01, 00, 00, 56, E8, FA, E6, FF, FF, 59, 56, 88, 45, FF, FF, 15, 94, 40, 40, 00, 38, 5D, FF, 0F, 84, F0, 00, 00, 00, 68, 90, 01, 00, 00, BF, 14, 51, 40, 00, 57, FF, 15, 5C, 40...
 

Entropy:
5.9641

Developed / compiled with:
Microsoft Visual C++

Code size:
8.5 KB (8,704 bytes)
