getsavin.exe

AdPeak, Inc

This is the installer for an AdPeak program that shows ads in the browser without providing information about the ads' origin. Ads are injected as banners or text links into arbitrary web pages. The application getsavin.exe by AdPeak, Inc has been detected as adware by 10 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from www.getsavin.com.
Publisher:
AdPeak, Inc  (signed and verified)

MD5:
718f93b4af941a29b7ac91f777f47890

SHA-1:
6e58f436c909e057384670976c98e672f58926f0

SHA-256:
04784eeafafbcec18c2ac7a491edfa17a94f19a8bf912129c502058bb9f4b514

Scanner detections:
10 / 68

Status:
Adware

Explanation:
Injects advertisements into the web browser in the form of banner ads and popups.

Analysis date:
4/26/2024 11:30:15 PM UTC

Scan engine         Detection                                  Engine version
AVG                 MalSign.Generic                            2014.0.3645
Bkav FE             W32.Clod330.Trojan                         1.3.0.4923
Boost by Reason     Adware.Installer.GetSavin.AdPeak           2013.7.11.19
Dr.Web              Trojan.MulDrop4.22900                      9.0.1.0191
McAfee              Artemis!718F93B4AF94                       5600.7132
NANO AntiVirus      Trojan.Win32.MulDrop4.cqkxyv               0.28.0.57630
Reason Heuristics   PUP.AdPeak.I                               14.8.7.19
Sophos              AdPeak                                     4.97
Vba32 AntiVirus     suspected of Trojan.Downloader.gen.h       3.12.24.3
VIPRE Antivirus     Adware.Adpeak                              26162

File size:
80 KB (81,872 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\getsavin.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com

Valid from:
8/3/2012 2:55:39 PM

Valid to:
9/16/2013 1:43:44 PM

Subject:
CN="AdPeak, Inc", O="AdPeak, Inc", L=Sarasota, S=FL, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
042CD88817C44D

File PE Metadata
Compilation timestamp:
2/8/2013 12:59:42 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
1536:LS0s2WhwyAhPtEPGJLNdlN18T3BJXCu/7S2zgLCcn95:LSrh2tEPKLlN1y3BJXCuNVcX

Entry address:
0x39B0

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, 7C, 01, 00, 00, E8, 93, 46, 00, 00, 83, EC, 0C, 68, 01, 80, 00, 00, E8, 3E, 43, 00, 00, 6A, 00, E8, A7, 46, 00, 00, A3, 88, 0C, 44, 00, 6A, 08, E8, 72, 28, 00, 00, A3, 38, 0D, 44, 00, 8D, 85, 90, FE, FF, FF, 6A, 00, 68, 60, 01, 00, 00, 50, 6A, 00, 68, A4, A2, 40, 00, E8, EC, 45, 00, 00, 83, EC, 0C, 68, A5, A2, 40, 00, 68, 68, 0D, 44, 00, E8, 92, 2A, 00, 00, 83, C4, 18, E8, FA, 42, 00, 00, 52, 52, 50, 68, 00, 30, 47, 00, E8, 7D, 2A, 00, 00, 57, 6A, 00, E8, 4D, 42, 00, 00, 83...

Entropy:
6.7165

Packer / compiler:
Nullsoft PiMP Stub [Nullsoft PiMP SFX]

Code size:
28.5 KB (29,184 bytes)

The file getsavin.exe has been seen being distributed by the following URL.
