final.exe

SystemNode

Maxiget Limited

This file is part of a bundled installer that presents offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application final.exe by Maxiget Limited has been detected as adware by 16 anti-malware scanners. It is also typically executed from the user's temporary directory.
Publisher:
SwapSystem  (signed by Maxiget Limited)

Product:
SystemNode

Description:
SystemComponent

Version:
4, 0, 27, 0

MD5:
79161bd2b8fbfbcef3eb8ce9a07d1e31

SHA-1:
2ad626278718460c8761741a36d857ddd18bf271

SHA-256:
3b9d2a258289e52423c8b4f727aa7fc31654eb3c7b2d502a7779b27bb47e0062

Scanner detections:
16 / 68

Status:
Adware

Explanation:
This is a modified installer version of the software and bundles additional offers including adware.

Analysis date:
5/7/2024 1:12:53 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Symmi.48298 | 799
Agnitum Outpost | PUA.4Shared | 7.1.1
Avira AntiVirus | APPL/Downloader.Gen | 7.11.189.70
Bitdefender | Gen:Variant.Symmi.48298 | 1.0.20.1660
Clam AntiVirus | Win.Trojan.Symmi-798 | 0.98/21511
Dr.Web | Trojan.DownLoader11.46534 | 9.0.1.05190
Emsisoft Anti-Malware | Gen:Variant.Symmi.48298 | 9.0.0.4570
ESET NOD32 | Win32/4Shared.AB potentially unwanted application | 7.0.302.0
F-Prot | W32/A-1b91fffb | v6.4.7.1.166
F-Secure | Gen:Variant.Symmi.48298 | 11.2014-28-11_6
G Data | Gen:Variant.Symmi.48298 | 14.11.24
MicroWorld eScan | Gen:Variant.Symmi.48298 | 15.0.0.996
NANO AntiVirus | Trojan.Win32.Agent.djhhmz | 0.28.6.63726
Panda Antivirus | Trj/Genetic.gen | 14.11.28.03
Reason Heuristics | PUP.MaxigetLimited.F | 14.11.28.3
VIPRE Antivirus | Threat.4150696 | 35088

File size:
549.1 KB (562,232 bytes)

Product version:
4, 0, 27, 0

Copyright:
2014

Trademarks:
SmallTrade Inc.

Original file name:
0008.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\final.exe

Digital Signature
Signed by:

Authority:
Starfield Technologies, Inc.

Valid from:
11/4/2014 2:29:17 PM

Valid to:
8/15/2016 11:11:32 AM

Subject:
CN=Maxiget Limited, O=Maxiget Limited, L=Limassol, S=Cyprus, C=CY

Issuer:
CN=Starfield Secure Certificate Authority - G2, OU=http://certs.starfieldtech.com/repository/, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B6558A31AA7EB

File PE Metadata
Compilation timestamp:
11/12/2014 10:46:15 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:DV+KPDVslxKfopYMBhWm/i0BR669FdELz2KFdI:8iDVslmIi0T669Fd42KPI

Entry address:
0x435F1

Entry point:
E8, 5D, 91, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 14, A1, 24, 6D, 46, 00, 33, C5, 89, 45, FC, 53, 56, 33, DB, 57, 8B, F1, 39, 1D, C4, C0, 49, 00, 75, 38, 53, 53, 33, FF, 47, 57, 68, 88, B2, 45, 00, 68, 00, 01, 00, 00, 53, FF, 15, 80, 71, 45, 00, 85, C0, 74, 08, 89, 3D, C4, C0, 49, 00, EB, 15, FF, 15, D4, 70, 45, 00, 83, F8, 78, 75, 0A, C7, 05, C4, C0, 49, 00, 02, 00, 00, 00, 39, 5D, 14, 7E, 22, 8B, 4D, 14, 8B, 45, 10, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, 45, 14, 2B, C1...
 

Entropy:
6.8869

Code size:
343 KB (351,232 bytes)
