legendas34.exe

Legendas 3.4

Dantis Tecnologia Ltda ME

The application legendas34.exe, “Legendas 3.4 Setup” by Dantis Tecnologia ME, has been detected as a potentially unwanted program by 24 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from legendasbrasil.org and multiple other hosts.
Publisher:
Legendas Brasil   (signed by Dantis Tecnologia Ltda ME)

Product:
Legendas 3.4

Description:
Legendas 3.4 Setup

MD5:
21cf5b7d0bc3cb7f4a33632448fd7148

SHA-1:
e666014d9d29358280f640fce33223e97a5a73b5

SHA-256:
668f5762bc30177497d5a23ba00336af27f4a2f149c89bff99b6db79abb58d79

Scanner detections:
24 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
5/7/2024 1:50:49 PM UTC

Scan engine            Detection                            Engine version
Lavasoft Ad-Aware      Trojan.Generic.15336575              401
Arcabit                Trojan.Generic.DEA047F               1.0.0.637
AVG                    Generic                              2016.0.2879
Baidu Antivirus        Hacktool.Win64.NetFilter             4.0.3.151230
Bitdefender            Trojan.Generic.15336575              1.0.20.1820
Comodo Security        UnclassifiedMalware                  23875
Dr.Web                 Trojan.Fakealert.51956               9.0.1.0364
Emsisoft Anti-Malware  Trojan.Generic.15336575              8.15.12.30.10
ESET NOD32             Win32/RiskWare.NetFilter             9.12794
Fortinet FortiGate     Riskware/NetFilter                   12/30/2015
F-Secure               Trojan.Generic.15336575              11.2015-30-12_4
G Data                 Trojan.Generic.15336575              15.12.25
IKARUS anti.virus      PUA.RiskWare.NetFilter               t3scan.1.9.5.0
K7 AntiVirus           Riskware                             13.212.18257
Kaspersky              not-a-virus:NetTool.Win64.NetFilter  14.0.0.890
McAfee                 Artemis!21CF5B7D0BC3                 5600.6535
MicroWorld eScan       Trojan.Generic.15336575              16.0.0.1092
Norman                 Trojan.Generic.15336575              11.20151230
nProtect               Trojan.Generic.15336575              15.12.29.01
Panda Antivirus        Trj/CI.A                             15.12.30.10
Rising Antivirus       PE:Adware.InstallCore!1.A30C [F]     23.00.65.151228
Sophos                 Generic PUA OG (PUA)                 4.98
VIPRE Antivirus        NetFilter                            46134
Zillya! Antivirus      Trojan.Kryptik.Win32.822273          2.0.0.2584

File size:
2.7 MB (2,836,792 bytes)

Product version:
3.4

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\legendas34.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
9/11/2015 4:44:39 PM

Valid to:
9/11/2016 4:44:39 PM

Subject:
CN=Dantis Tecnologia Ltda ME, O=Dantis Tecnologia Ltda ME, L=Sao Jose, S=Santa Catarina, C=BR

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00953F34DF067F1B14

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:N9aL6iuRKO3J0INiQtcUXdHS8qwbrIgcOCRbV/1zeS3VEpK2eQPZXja4Cc+m:7I7u1qINixUXQ8qVgcLRB8sVFQPlCc+m

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file legendas34.exe has been seen being distributed by the following 3 URLs.

http://legendasbrasil.org/.../Legendas34.exe