final.exe

SystemNode

Maxiget Limited

This file is part of a bundled installer that delivers applications together with offers for additional third-party software, mostly unwanted adware, and it may be installed with minimal consent. The application final.exe by Maxiget Limited has been detected as adware by 15 anti-malware scanners. It is also typically executed from the user's temporary directory.
Publisher:
SwapSystem (signed by Maxiget Limited)

Product:
SystemNode

Description:
SystemComponent

Version:
4, 0, 27, 0

MD5:
57d999ea05a554f840d464d955658d49

SHA-1:
b929da57629d503bd519dbb2ea2c329bce681a14

SHA-256:
bf57d723b813acdb0046c6496e5718593a2898ecc3101b377517650ea3baaac9

Scanner detections:
15 / 68

Status:
Adware

Explanation:
This is a modified installer version of the software and bundles additional offers including adware.

Analysis date:
4/24/2024 11:27:53 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Symmi.48298 | 799 |
| Agnitum Outpost | PUA.4Shared | 7.1.1 |
| Avira AntiVirus | APPL/Downloader.Gen | 7.11.189.70 |
| Bitdefender | Gen:Variant.Symmi.48298 | 1.0.20.1660 |
| Clam AntiVirus | Win.Trojan.Symmi-798 | 0.98/21511 |
| Dr.Web | Trojan.DownLoader11.46534 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Symmi.48298 | 9.0.0.4570 |
| ESET NOD32 | Win32/4Shared.AB potentially unwanted application | 7.0.302.0 |
| F-Prot | W32/A-1b91fffb | v6.4.7.1.166 |
| G Data | Gen:Variant.Symmi.48298 | 14.11.24 |
| MicroWorld eScan | Gen:Variant.Symmi.48298 | 15.0.0.996 |
| NANO AntiVirus | Trojan.Win32.Agent.djhhmz | 0.28.6.63726 |
| Panda Antivirus | Trj/Genetic.gen | 14.11.28.03 |
| Reason Heuristics | PUP.MaxigetLimited.F | 14.11.28.3 |
| VIPRE Antivirus | Threat.4150696 | 35088 |

File size:
549.1 KB (562,232 bytes)

Product version:
4, 0, 27, 0

Copyright:
2014

Trademarks:
SmallTrade Inc.

Original file name:
0008.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\final.exe

Digital Signature
Signed by:

Authority:
Starfield Technologies, Inc.

Valid from:
11/4/2014 2:29:17 PM

Valid to:
8/15/2016 11:11:32 AM

Subject:
CN=Maxiget Limited, O=Maxiget Limited, L=Limassol, S=Cyprus, C=CY

Issuer:
CN=Starfield Secure Certificate Authority - G2, OU=http://certs.starfieldtech.com/repository/, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B6558A31AA7EB

File PE Metadata
Compilation timestamp:
11/12/2014 10:46:15 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:DV+KPDVslxKfopYMBhWm/i0BR669FdELz2KFJI:8iDVslmIi0T669Fd42KfI

Entry address:
0x435F1

Entry point:
E8, 5D, 91, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 14, A1, 24, 6D, 46, 00, 33, C5, 89, 45, FC, 53, 56, 33, DB, 57, 8B, F1, 39, 1D, C4, C0, 49, 00, 75, 38, 53, 53, 33, FF, 47, 57, 68, 88, B2, 45, 00, 68, 00, 01, 00, 00, 53, FF, 15, 80, 71, 45, 00, 85, C0, 74, 08, 89, 3D, C4, C0, 49, 00, EB, 15, FF, 15, D4, 70, 45, 00, 83, F8, 78, 75, 0A, C7, 05, C4, C0, 49, 00, 02, 00, 00, 00, 39, 5D, 14, 7E, 22, 8B, 4D, 14, 8B, 45, 10, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, 45, 14, 2B, C1...
 

Entropy:
6.8869

Code size:
343 KB (351,232 bytes)
