MaxHD.exe

RBMF Technologies LLC

The application MaxHD.exe by RBMF Technologies has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a setup program used to install the application. The file has been seen being downloaded from mega.nz and multiple other hosts. While running, it connects to the Internet address unallocated.barefruit.co.uk on port 443.
Publisher:
RBMF Technologies LLC (signed and verified)

MD5:
08506160cdfb668b7b1a1482105fb8c1

SHA-1:
e4bbe1e1cbcb113c3b6f4b925726735cf9ffaaf1

SHA-256:
e0b40b91d9171bf7b2bf31c9d95ff13176452442c4c15e2a755920787af1ffef

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we consider this file unwanted.

Analysis date:
5/4/2024 12:18:05 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.RBMFTechnologies.F

Engine version:
14.4.13.22

File size:
2.7 MB (2,815,912 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\maxhd.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
3/25/2013 2:24:32 PM

Valid to:
3/25/2014 2:10:21 PM

Subject:
CN=RBMF Technologies LLC, O=RBMF Technologies LLC, L=Lewes, S=DE, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B7E112F67BE16

File PE Metadata
Compilation timestamp:
9/10/2013 3:57:49 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:rEUnep/S5Hswni9lCmwIXP5b59KI7MXEkEU/CoAWFxJ:rEUG7CmDKI7MeU/CtWFxJ

Entry address:
0x65A860

Entry point:
60, BE, 00, B0, 7B, 00, 8D, BE, 00, 60, C4, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...

Entropy:
7.9119

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 - v1.24

Code size:
2.6 MB (2,752,512 bytes)

The file MaxHD.exe has been seen being distributed by the following 12 URLs.

https://mega.nz/temporary/.../5Qd3VCyD

https://mega.nz/temporary/.../JQ4GlTqB

https://mega.nz/temporary/.../QhRFwKJS

https://mega.nz/temporary/.../CNF3iYgQ

https://mega.nz/temporary/.../lcs0VZQQ

blob:7F783F5C-61E4-4E5E-B7B1-123113B7818C

blob:867F8C78-4DBE-48A1-A721-26C25E7BBED6

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP SSL):
Connects to unallocated.barefruit.co.uk (92.242.140.20:443)

Powered by Reason Core Security