home

directx.exe

Mindad media Ltd.

The application directx.exe by Mindad media has been detected as adware by 8 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs. The file has been seen being downloaded from get.file2desktop.com.
Publisher:
Mindad media Ltd.  (signed and verified)

MD5:
6d4a35df8827f8bd1f2224db597d83aa

SHA-1:
e75cc340aab5093ad92234b74403ec6d996c9b5c

SHA-256:
9b339b7638e09febc606014e5d905d4485ee366cfe7164dcb4b74f87c956e7a2

Scanner detections:
8 / 68

Status:
Adware

Explanation:
Uses the DomainIQ download manager to bundle additional potentially unwanted software without adequate consent.

Analysis date:
4/26/2024 9:58:22 AM UTC  (today)

Scan engine
Detection
Engine version

AVG
Generic
2015.0.3422

ESET NOD32
Win32/OutBrowse.W potentially unwanted application
7.0.302.0

K7 AntiVirus
Unwanted-Program
13.180.12626

McAfee
Adware-OutBrowse
5600.7078

NANO AntiVirus
Trojan.Win32.Generic.dbxkzp
0.28.0.60577

Reason Heuristics
PUP.Mindadmedia.H
14.8.7.21

Sophos
DomainIQ pay-per install
4.98

VIPRE Antivirus
Threat.4784459
29708

File size:
976.7 KB (1,000,152 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\directx.exe

Digital Signature
Signed by:
Mindad media Ltd.

Authority:
COMODO CA Limited

Valid from:
8/4/2013 8:00:00 PM

Valid to:
8/5/2014 7:59:59 PM

Subject:
CN=Mindad media Ltd., O=Mindad media Ltd., STREET=hamenofim 9, STREET=herzeliya, L=herzeliya, S=herzeliya, PostalCode=46725, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0E7140EE5347CFF2FBDBE59A34386099

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:j5EbpMuxNHsGFP0+Ce3HrlBzE2xKdDFypCtPnVvg/xfZW7P:lGpMuxxFp0te3HJBzE2xKdDyCtPn1g/I

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9226

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file directx.exe has been seen being distributed by the following URL.

http://get.file2desktop.com/.../GetMA?p=1184&l=6416&n=1&productname=DirectX&clickid=53256529392ced35c1c8b98477a686f6&filename=DirectX&d=7623

Remove directx.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.