» here goes the filename.exe
Overview
Analysis
File Details
Downloads (1)

here goes the filename.exe

SuperCharging

Maxiget Limited

This is a bundle installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application here goes the filename.exe by Maxiget Limited has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the New IT Desktop Setup installer. The file has been seen being downloaded from ds133.maxiget.com.

File name:

Publisher:

SPC LLC (signed by Maxiget Limited)

Product:

SuperCharging

Description:

DWD

Version:

3, 3, 22, 0

MD5:

bc2327554be58aa68b553a143fa5ef5f

SHA-1:

cafc5c2ea4f756dfbe9ccfe42885ab4240d3aec9

SHA-256:

45c10768b0e1e1becf187f4f76899386a7a3d076e4c1495af59e838d28472b4e

Scanner detections:

1 / 68

Status:

Adware

Explanation:

This is a modified installer version of the software and bundles additional offers including adware.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

4/25/2024 10:33:20 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.New IT Limited.Maxiget.Bundler (M)

16.1.22.6

File size:

439.9 KB (450,488 bytes)

Product version:

3, 3, 22, 0

2013

Trademarks:

File type:

Executable application (Win32 EXE)

Bundler/Installer:

New IT Desktop Setup

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\here goes the filename.exe

Digital Signature

Signed by:

Maxiget Limited

Authority:

COMODO CA Limited

Valid from:

11/12/2013 7:00:00 AM

Valid to:

11/13/2014 6:59:59 AM

Subject:

CN=Maxiget Limited, O=Maxiget Limited, STREET="Arch. Makariou III, 135", STREET="Emelle Building, 4th floor", L=Limassol, S=Limassol, PostalCode=3021, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00FBB004FE732F9C48D07FE66424856186

File PE Metadata

Compilation timestamp:

5/15/2014 7:12:41 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

6144:Zhv9K8SSeot00WQGwthtoWExghexAJwV8J0n9xc5Vz2KEbICB+iva:/v9KSXWxitnExghexLG4ELz2KFC7a

Entry address:

0x2A0AC

Entry point:

E8, FB, A3, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 14, A1, 58, CD, 44, 00, 33, C5, 89, 45, FC, 53, 56, 33, DB, 57, 8B, F1, 39, 1D, A4, E5, 44, 00, 75, 38, 53, 53, 33, FF, 47, 57, 68, 5C, 1D, 44, 00, 68, 00, 01, 00, 00, 53, FF, 15, 58, F1, 43, 00, 85, C0, 74, 08, 89, 3D, A4, E5, 44, 00, EB, 15, FF, 15, C4, F0, 43, 00, 83, F8, 78, 75, 0A, C7, 05, A4, E5, 44, 00, 02, 00, 00, 00, 39, 5D, 14, 7E, 22, 8B, 4D, 14, 8B, 45, 10, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, 45, 14, 2B, C1... 
[+]

Code size:

248 KB (253,952 bytes)

The file here goes the filename.exe has been seen being distributed by the following URL.

http://ds133.maxiget.com/smart-download/.../Here goes the filename.exe

Remove here goes the filename.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.