maxiget.exe

SystemNode

Maxiget Limited

This is a bundle installer that packages applications with offers for additional third-party software, mostly unwanted adware, and it may be installed with minimal consent. The application maxiget.exe by Maxiget Limited has been detected as adware by 29 anti-malware scanners. The program is a setup application that uses the New IT Desktop Setup installer. The file has been seen downloaded from mxc.files-download-41.com.
Publisher:
SwapSystem  (signed by Maxiget Limited)

Product:
SystemNode

Description:
SystemComponent

Version:
4, 0, 27, 0

MD5:
472f88dfe021912c72cb4c5d8c916c18

SHA-1:
103224cf24f40cce6809c186b120ce82a6eebb10

SHA-256:
52b794083b2d013ed4ba78c04de8ca3ea6504a7ed92d2527f8b1dc674608d094

Scanner detections:
29 / 68

Status:
Adware

Explanation:
This is a modified installer version of the software and bundles additional offers including adware.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
5/17/2024 11:36:42 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Generic.12365539 | 353 |
| Agnitum Outpost | PUA.4Shared | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Agent | 2014.12.20 |
| Avira AntiVirus | APPL/Downloader.Gen4 | 7.11.196.212 |
| AVG | Generic | 2017.0.2831 |
| Baidu Antivirus | Adware.Win32.4Shared | 4.0.3.16216 |
| Bitdefender | Trojan.Generic.12365539 | 1.0.20.235 |
| Clam AntiVirus | Win.Trojan.4shared-32 | 0.98/19807 |
| Comodo Security | Application.Win32.4Shared.FG | 20415 |
| Dr.Web | Adware.Downware.9208 | 9.0.1.047 |
| Emsisoft Anti-Malware | Trojan.Generic.12365539 | 8.16.02.16.09 |
| ESET NOD32 | Win32/4Shared.AE potentially unwanted application | 10.7.0.302.0 |
| F-Prot | W32/A-1b91fffb | v6.4.7.1.166 |
| F-Secure | Trojan.Generic.12365539 | 11.2016-16-02_3 |
| G Data | Trojan.Generic.12365539 | 16.2.24 |
| IKARUS anti.virus | PUA.4Shared | t3scan.1.8.5.0 |
| K7 AntiVirus | Unwanted-Program | 13.188.14395 |
| Kaspersky | not-a-virus:AdWare.Win32.Agent | 14.0.0.651 |
| McAfee | Program.4shared | 5600.6487 |
| MicroWorld eScan | Trojan.Generic.12365539 | 17.0.0.141 |
| NANO AntiVirus | Riskware.Win32.Downware.djhyre | 0.28.6.64267 |
| Norman | Trojan.Generic.12365539 | 11.20160216 |
| nProtect | Trojan.Generic.12365539 | 14.12.19.01 |
| Panda Antivirus | Trj/Genetic.gen | 16.02.16.09 |
| Reason Heuristics | PUP.New IT Limited.Maxiget.Bundler (M) | 16.2.16.21 |
| Sophos | 4Share Downloader | 4.98 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 35418 |
| Zillya! Antivirus | Trojan.Badur.Win32.7465 | 2.0.0.2009 |

File size:
42.9 KB (43,888 bytes)

Product version:
4, 0, 27, 0

Copyright:
2014

Trademarks:
SmallTrade Inc.

Original file name:
0008.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
New IT Desktop Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\maxiget.exe

Digital Signature
Signed by:

Authority:
Starfield Technologies, Inc.

Valid from:
11/4/2014 8:59:17 AM

Valid to:
8/15/2016 3:41:32 AM

Subject:
CN=Maxiget Limited, O=Maxiget Limited, L=Limassol, S=Cyprus, C=CY

Issuer:
CN=Starfield Secure Certificate Authority - G2, OU=http://certs.starfieldtech.com/repository/, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B6558A31AA7EB

File PE Metadata
Compilation timestamp:
11/12/2014 5:15:22 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
384:P3FLzKXqF8emdriRDdyQm7hq18ha50qXUlfzAQ3myyqAV10gOCooqDG8pplDMDbW:PVL0BL7m/0qXURMayjyptHVZr/E

Entry address:
0x2F16

Entry point:
55, 8B, EC, 83, EC, 10, 53, 56, 57, 8D, 45, F0, 50, C7, 45, F0, 08, 00, 00, 00, C7, 45, F4, 20, 00, 00, 00, FF, 15, 00, 40, 40, 00, 68, 28, 0A, 00, 00, BE, B8, A4, BB, 00, 56, 33, DB, 53, FF, 15, 98, 40, 40, 00, 53, 68, 80, 00, 00, 00, 6A, 03, 53, 6A, 01, 68, 00, 00, 00, 80, 56, FF, 15, 90, 40, 40, 00, 8B, F0, 83, FE, FF, 0F, 84, 0A, 01, 00, 00, 56, E8, FA, E6, FF, FF, 59, 56, 88, 45, FF, FF, 15, 94, 40, 40, 00, 38, 5D, FF, 0F, 84, F0, 00, 00, 00, 68, 90, 01, 00, 00, BF, 14, 51, 40, 00, 57, FF, 15, 5C, 40...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
8.5 KB (8,704 bytes)

The file maxiget.exe has been seen being distributed by the following URL.
