home

adobe-livecycle-designer-windows-downloader.exe

Malavida Network International, S.L.

The application adobe-livecycle-designer-windows-downloader.exe by Malavida Network International, S.L has been detected as adware by 9 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This will display context specific advertisements in the browser as well as attempt to modify the browser's search provider. The file has been seen being downloaded from dl1332c5c.mvmfd.net and multiple other hosts.
Publisher:
Malavida Network International, S.L.  (signed and verified)

MD5:
b1185bb1a92e971d37e0bdf47a3292e4

SHA-1:
1e9f0de293332d5075132c836bc6debcf6881b96

SHA-256:
5d9a57062ce708a675309eda6fbaae3181d918970252958d3f7695c0c4fed74f

Scanner detections:
9 / 68

Status:
Adware

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
5/4/2024 12:17:40 AM UTC  (today)

Scan engine
Detection
Engine version

AVG
Toolbar.Babylon
2015.0.3596

Dr.Web
Adware.Downware.1448
9.0.1.013

ESET NOD32
Win32/Malavida
8.8807

K7 AntiVirus
Unwanted-Program
13.172.9576

McAfee
Artemis!B1185BB1A92E
5600.7252

Reason Heuristics
PUP.MalavidaNetworkInternationalSL.l
14.8.7.21

Sophos
Malavida
4.91

Trend Micro House Call
TROJ_GEN.F47V0830
7.2.13

VIPRE Antivirus
Malavida
21526

File size:
244.5 KB (250,368 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\adobe-livecycle-designer-windows-downloader.exe

Digital Signature
Signed by:
Malavida Network International, S.L.

Authority:
VeriSign, Inc.

Valid from:
3/27/2013 8:00:00 AM

Valid to:
3/28/2014 7:59:59 AM

Subject:
CN="Malavida Network International, S.L.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Malavida Network International, S.L.", L=Valencia, S=Valencia, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0DC341780137340F059956E88184360E

File PE Metadata
Compilation timestamp:
12/6/2009 6:50:41 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:bQq4kjtmMyHYZowAeATJ2fXJQkTxeEO3AVdA:KkpnRYFTJKJNzpVdA

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.8107

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file adobe-livecycle-designer-windows-downloader.exe has been seen being distributed by the following 10 URLs.

http://dl1332c5c.mvmfd.net/en/.../baidu-antivirus-windows-downloader.exe

http://dl1332c56.mvmfd.net/en/.../the-sims-2-windows-downloader.exe

http://dl1332c5b.mvmfd.net/en/.../encore-windows-downloader.exe

http://dl1332c5f.mvmfd.net/en/.../microsoft-word-windows-downloader.exe

http://dl1332c5c.mvmfd.net/en/.../microsoft-office-windows-downloader.exe

http://dl1332c5f.mvmfd.net/en/.../superoneclick-windows-downloader.exe

http://dl1332c62.mvmfd.net/en/.../proteus-windows-downloader.exe

http://dl1332c58.mvmfd.net/en/.../glass-notepad-windows-downloader.exe

http://dl1332c63.mvmfd.net/en/.../labview-windows-downloader.exe

http://dl1332c5e.mvmfd.net/en/.../adobe-livecycle-designer-windows-downloader.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.