» fire patch 2014 ver 6.0 aio.part10.exe
Overview
Analysis
File Details
Downloads (1)

fire patch 2014 ver 6.0 aio.part10.exe

CHummer

Maxiget Limited

This is part of a bundled installer which provides applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application fire patch 2014 ver 6.0 aio.part10.exe, “Description is empty” by Maxiget Limited has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from stl.files-free.net.

File name:

Publisher:

Elit -e - Company (signed by Maxiget Limited)

Product:

CHummer

Description:

Description is empty

Version:

3, 5, 13, 0

MD5:

d633fa8aad86a0f559db1bbb90a8d47e

SHA-1:

61d0a8fccfbac9eb66de14315e7255c848544c86

SHA-256:

3356e1d0053ce14856ce217ecdc7b24b3d496c2760ae324fb72365fafa763bb0

Scanner detections:

1 / 68

Status:

Adware

Explanation:

This is a modified installer version of the software and bundles additional offers including adware.

Analysis date:

4/25/2024 8:55:11 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.New IT Limited.Maxiget (M)

16.3.1.0

File size:

39.7 KB (40,688 bytes)

Product version:

3, 5, 13, 0

2014

Trademarks:

Original file name:

DHelper

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\fire patch 2014 ver 6.0 aio.part10.exe

Digital Signature

Signed by:

Maxiget Limited

Authority:

GoDaddy.com, Inc.

Valid from:

6/3/2014 3:41:06 PM

Valid to:

8/15/2016 1:41:32 PM

Subject:

CN=Maxiget Limited, O=Maxiget Limited, L=Limassol, S=Cyprus, C=CY

Issuer:

CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

043F9C868704FA

File PE Metadata

Compilation timestamp:

9/5/2014 10:53:24 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

768:qOwfivq/RsoZNUYbmSChHUborYp9vZ12CTCIG2qdgaTkFF:Y3mhhfYp9x12CTCqqmak

Entry address:

0x3210

Entry point:

55, 8B, EC, 83, E4, F8, 83, EC, 0C, 53, 56, 57, 8D, 44, 24, 10, 50, C7, 44, 24, 14, 08, 00, 00, 00, C7, 44, 24, 18, 20, 00, 00, 00, FF, 15, 00, 40, 40, 00, 68, 28, 0A, 00, 00, 68, A0, 1F, B9, 00, 6A, 00, FF, 15, 94, 40, 40, 00, 6A, 00, 68, 80, 00, 00, 00, 6A, 03, 6A, 00, 6A, 01, 68, 00, 00, 00, 80, 68, A0, 1F, B9, 00, FF, 15, 8C, 40, 40, 00, 8B, F8, 83, FF, FF, 0F, 84, 30, 01, 00, 00, E8, BA, E3, FF, FF, 57, 8B, 3D, 90, 40, 40, 00, 8A, D8, FF, D7, 84, DB, 0F, 84, 18, 01, 00, 00, 66, 83, 3D, C8, A0, 40, 00... 
[+]

Entropy:

5.5085

Developed / compiled with:

Microsoft Visual C++

Code size:

9 KB (9,216 bytes)

The file fire patch 2014 ver 6.0 aio.part10.exe has been seen being distributed by the following URL.

https://stl.files-free.net/.../Fire Patch 2014 ver 6.0 AIO.part10.exe

Remove fire patch 2014 ver 6.0 aio.part10.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.