directx.exe

Mindad media Ltd.

The application directx.exe by Mindad media Ltd. has been detected as adware by 9 of 68 anti-malware scanners. Despite its name, the file is not Microsoft's DirectX runtime installer: the signer is Mindad media Ltd., not Microsoft. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. Its setup routine uses the RevenYou.Com pay-per-install platform (OutBrowse), which bundles additional software offers including toolbars, browser extensions, PC utilities and other potentially unwanted programs (PUPs). The file has been seen being downloaded from get.file2desktop.com.
Publisher:
Mindad media Ltd.  (signed and verified)

MD5:
f0075bdc6640740b5d5f88944296e81b

SHA-1:
2fc697815bff11fe0ef9c6cf483c4a4827e1daed

SHA-256:
50be4cd0888e9df40f842ffc04663c83f8a6e736baaba40ff51de96b17e1e509

Scanner detections:
9 / 68

Status:
Adware

Explanation:
Uses the DomainIQ download manager to bundle additional potentially unwanted software without adequate consent.

Analysis date:
4/25/2024 11:11:28 AM UTC

Scan engine           Detection                      Engine version
AVG                   MalSign.Generic                2015.0.3500
Dr.Web                Adware.Downware.2081           9.0.1.0109
ESET NOD32            Win32/OutBrowse                8.9659
herdProtect (fuzzy)   -                              2014.7.7.10
K7 AntiVirus          Unwanted-Program               13.176.11711
NANO AntiVirus        Trojan.Win32.Generic.cthmwf    0.28.0.59048
Qihoo 360 Security    Malware.QVM06.Gen              1.0.0.1015
Reason Heuristics     PUP.Mindadmedia.H              14.8.7.21
Sophos                DomainIQ pay-per install       4.98

File size:
971.1 KB (994,368 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\directx.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
8/4/2013 7:00:00 PM

Valid to:
8/5/2014 6:59:59 PM

Subject:
CN=Mindad media Ltd., O=Mindad media Ltd., STREET=hamenofim 9, STREET=herzeliya, L=herzeliya, S=herzeliya, PostalCode=46725, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0E7140EE5347CFF2FBDBE59A34386099

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:SJ7B+P88PeTSO+9lsQ39wkgIoictENhE6an/qtK7:2J8GF+9F39XgzhENBkStK7

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.9274

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
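The fields under "File PE Metadata" are all derived from the image's DOS, COFF and optional headers plus a byte-frequency pass over the whole file. The script below is an added example, not code from the original report, herdProtect or Mindad media: it recomputes those fields with the standard library only, reports the file hashes, and looks for the NSIS first-header marker that identifies a Nullsoft installer. Because the real sample cannot be embedded here, the input is a constructed PE32 stub carrying the report's header values (entry RVA 0x30FA, linker 6.0, OS version 4.0, GUI subsystem, 24,064 bytes of code, the 2009-12-05 timestamp); its layout, overlay and therefore its hashes and entropy are assumptions and will not match the real directx.exe.

```python
"""Static triage of a Win32 PE: the 'File PE Metadata' fields, recomputed.

Added example for this report, not code from the original page, herdProtect
or Mindad media. Standard library only. The sample image is constructed
inline with the header values the report lists, so the script runs offline;
it is NOT the real directx.exe and its hashes will not match the report.
"""
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
# 0xDEADBEEF followed by "NullsoftInst" opens the NSIS first header in the overlay.
NSIS_MARKER = b"\xef\xbe\xad\xdeNullsoftInst"


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 .. 8.0; this is what the report's 'Entropy' field is."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def file_hashes(data: bytes) -> dict:
    """MD5 / SHA-1 / SHA-256 as listed at the top of the report."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256")}


def parse_pe(data: bytes) -> dict:
    """Read the DOS, COFF and PE32 optional headers (section table not needed)."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, _nsect, timestamp, _, _, _opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20
    magic, lmaj, lmin, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (magic 0x10B) handled here")
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)     # AddressOfEntryPoint
    os_maj, os_min = struct.unpack_from("<HH", data, opt + 40)  # OS version
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)     # Subsystem
    return {
        "bitness": "Win32" if machine == 0x14C else hex(machine),
        "compile_time_utc": datetime.fromtimestamp(
            timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "linker_version": f"{lmaj}.{lmin}",
        "os_version": f"{os_maj}.{os_min}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "entry_rva": entry_rva,
        "code_size": size_of_code,
    }


def triage(data: bytes) -> dict:
    """Everything the report's metadata block shows, from the raw bytes."""
    info = parse_pe(data)
    info["entropy"] = round(shannon_entropy(data), 4)
    info["nsis"] = NSIS_MARKER in data
    info.update(file_hashes(data))
    return info


def build_sample_pe() -> bytes:
    """Constructed stand-in carrying the report's header values (assumption:
    only these fields are reproduced, not the real file's sections or payload)."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # i386, 3 sections, 2009-12-05 16:50:52 UTC, 224-byte PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 1260031852, 0, 0, 224, 0x010F)
    opt = bytearray(224)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 6, 0, 24064)  # linker 6.0, SizeOfCode 24,064
    struct.pack_into("<I", opt, 16, 0x30FA)                # AddressOfEntryPoint
    struct.pack_into("<HH", opt, 40, 4, 0)                 # OS version 4.0
    struct.pack_into("<H", opt, 68, 2)                     # IMAGE_SUBSYSTEM_WINDOWS_GUI
    # Overlay: NSIS first header, then bytes standing in for the compressed payload.
    overlay = b"\x00" * 64 + NSIS_MARKER + bytes(range(256)) * 4
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + overlay


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, value in triage(blob).items():
        print(f"{key:>17}: {value}")
```

Run it with the path of a real sample to compare its output against the hashes and header values above. Two caveats when reading the result: a whole-file entropy near 8 (7.9274 here) is expected for any NSIS installer, because the overlay is an LZMA or zlib compressed archive, so it is not by itself evidence of a packer or obfuscation; and the 2009 compilation timestamp is that of the prebuilt NSIS 2.x stub (NSIS 2.46 shipped in December 2009), so it says nothing about when this particular bundle was built. The report's "Entry point" bytes come from the code at the entry RVA, which requires mapping the RVA through the section table; that step is deliberately left out here.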

The file directx.exe has been seen being distributed by the following URL.
