backtrack-windows-downloader.exe

Malavida Network International, S.L.

The application backtrack-windows-downloader.exe by Malavida Network International, S.L. has been detected as adware by 10 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It displays context-specific advertisements in the browser and attempts to modify the browser's search provider. The file has been seen being downloaded from dl1332d36.mvmfd.net and multiple other hosts.
Publisher:
Malavida Network International, S.L.  (signed and verified)

MD5:
698faba8e48154af73347f80e5bbc5a7

SHA-1:
813b4423980911ac48bda87e455152bd7408aaea

SHA-256:
6a21c8c5c9426c00a6899a1908e56e70f88de5d0751263ec98d14442c2569a6c

Scanner detections:
10 / 68

Status:
Adware

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
4/25/2024 7:37:44 AM UTC

Scan engine              Detection                              Engine version
-----------------------  -------------------------------------  --------------
AVG                      Toolbar.Babylon                        2014.0.3616
Bkav FE                  W32.Clod8e3.Trojan                     1.3.0.4562
Dr.Web                   Adware.Downware.1448                   9.0.1.0358
ESET NOD32               Win32/Malavida                         7.9121
K7 AntiVirus             Unwanted-Program                       13.174.10380
McAfee                   Artemis!698FABA8E481                   5600.7272
Reason Heuristics        PUP.MalavidaNetworkInternationalSL.CC  14.8.7.21
Sophos                   Malavida                               4.95
Trend Micro House Call   TROJ_GEN.F47V1122                      7.2.358
VIPRE Antivirus          Malavida                               23942

File size:
380.9 KB (390,048 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/27/2013 2:00:00 AM

Valid to:
3/28/2014 1:59:59 AM

Subject:
CN="Malavida Network International, S.L.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Malavida Network International, S.L.", L=Valencia, S=Valencia, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0DC341780137340F059956E88184360E

File PE Metadata
Compilation timestamp:
12/6/2009 12:50:41 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:qQqNk1HjtmMyHYZowAeATJ2fXJQkTxeEO3pv4WpNqAXJ2WptMHdNhRdPRsLhl:UapnRYFTJKJNz+lN9XNOfhRdSLhl

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.9041

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file backtrack-windows-downloader.exe has been seen being distributed by the following 2 URLs.

Powered by Reason Core Security