legendas34.exe

Legendas 3.4

Dantis Tecnologia Ltda ME

The application legendas34.exe, “Legendas 3.4 Setup” by Dantis Tecnologia ME, has been detected as a potentially unwanted program by 24 anti-malware scanners. The program is a setup application built with the Inno Setup installer. It uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen downloaded from www.subtitles4free.net and multiple other hosts.
Publisher:
Legendas Brasil   (signed by Dantis Tecnologia Ltda ME)

Product:
Legendas 3.4

Description:
Legendas 3.4 Setup

MD5:
3cc2440232c2068809dc93b858c667c4

SHA-1:
4ed8153e9d8d9738c81ffd88aec14474da5bb23f

SHA-256:
c79fefbf1f4bc31e65953f3303bd94d5bad2898c3cfb15e8033ebee801799d05

Scanner detections:
24 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
5/21/2024 7:30:52 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.Generic.15336575 | 389
Arcabit | Trojan.Generic.DECCD86 | 1.0.0.637
AVG | Generic | 2017.0.2867
Baidu Antivirus | Hacktool.Win64.NetFilter | 4.0.3.16111
Bitdefender | Trojan.Generic.15519110 | 1.0.20.55
Comodo Security | UnclassifiedMalware | 23869
Dr.Web | Trojan.Fakealert.51956 | 9.0.1.011
Emsisoft Anti-Malware | Trojan.Generic.15519110 | 8.16.01.11.02
ESET NOD32 | Win32/RiskWare.NetFilter | 10.12790
Fortinet FortiGate | Riskware/NetFilter | 1/11/2016
F-Secure | Trojan.Generic.15519110 | 11.2016-11-01_2
G Data | Trojan.Generic.15519110 | 16.1.25
IKARUS anti.virus | PUA.RiskWare.NetFilter | t3scan.1.9.5.0
K7 AntiVirus | Riskware | 13.212.18265
Kaspersky | not-a-virus:NetTool.Win64.NetFilter | 14.0.0.832
McAfee | Artemis!3CC2440232C2 | 5600.6523
MicroWorld eScan | Trojan.Generic.15519110 | 17.0.0.33
Norman | Trojan.Generic.15336575 | 11.20160111
nProtect | Trojan.Generic.15519110 | 15.12.31.01
Panda Antivirus | Generic Suspicious | 16.01.11.02
Rising Antivirus | PE:Adware.InstallCore!1.A30C [F] | 23.00.65.16109
Sophos | Generic PUA EO (PUA) | 4.98
VIPRE Antivirus | NetFilter | 46134
Zillya! Antivirus | Downloader.Adload.Win32.28970 | 2.0.0.2590

File size:
2.5 MB (2,642,464 bytes)

Product version:
3.4

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\legendas34.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
9/11/2015 4:44:39 PM

Valid to:
9/11/2016 4:44:39 PM

Subject:
CN=Dantis Tecnologia Ltda ME, O=Dantis Tecnologia Ltda ME, L=Sao Jose, S=Santa Catarina, C=BR

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00953F34DF067F1B14

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:fvg6RK2N+Sl6HSe5C4RDcq6TK/gcOCRbV/1zeS3VEpKhWrolKBY2t:HgF2N+Sab/gcLRB8sVX/lK7t

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file legendas34.exe has been seen being distributed by the following 2 URLs.
