maxiget.pdfebookes.viewer.exe

Catalina Group Limited

The application maxiget.pdfebookes.viewer.exe by Catalina Group Limited has been detected as a potentially unwanted program by 16 anti-malware scanners. It is a setup program used to install the application, which displays context-specific advertisements in the browser and attempts to modify the browser's search provider. The file has been seen being downloaded from s.getdownload.net.
Publisher:
Catalina Group Limited  (signed and verified)

MD5:
1578f9b36397991ca158016947048b8e

SHA-1:
5b4fb2a93d1bb2ed8a69d56c4f5e0c0faaefe850

SHA-256:
787bd728f53b2ce3b4d60eb044fec23b9092b6c956ba9e318a563ef79be84d7c

Scanner detections:
16 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 1:19:15 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | Adware/Maxiget.A | 7.11.106.148
Bitdefender | Adware.Generic.591724 | 1.0.20.1350
Comodo Security | Application.Win32.Maxiget.~A | 17076
Dr.Web | Adware.Babylon.10 | 9.0.1.0174
Emsisoft Anti-Malware | Adware.Generic.591724 | 8.14.09.27.03
ESET NOD32 | Win32/Maxiget (variant) | 8.8718
F-Secure | Adware.Generic.591724 | 11.2014-27-09_7
G Data | Adware.Generic.591724 | 14.9.22
Malwarebytes | PUP.Optional.Maxiget | v2014.06.23.07
McAfee | Artemis!1578F9B36397 | 5600.7091
MicroWorld eScan | Adware.Generic.591724 | 15.0.0.810
Reason Heuristics | Threat.Win.Reputation.IMP | 14.9.27.15
Sophos | 4Share Downloader | 4.93
Trend Micro House Call | TROJ_GEN.F47V0727 | 7.2.174
Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.22.3
VIPRE Antivirus | Trojan.Win32.Generic | 20778

File size:
922.9 KB (945,096 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\maxiget.pdfebookes.viewer.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
9/27/2012 3:56:54 AM

Valid to:
9/27/2013 3:56:54 AM

Subject:
CN=Catalina Group Limited, O=Catalina Group Limited, L=Kwun Tong, S=Hong Kong, C=HK

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
27B940A1704DC9

File PE Metadata
Compilation timestamp:
7/26/2013 6:41:06 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:FHKYiGTocGGrSmIeKgSqeVoqnS7ign/RG5fR:FqYbiG2uBLdignZSR

Entry address:
0x8181

Entry point:
E8, BB, 45, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 56, 57, 8B, F9, C7, 07, D0, 62, 41, 00, 8B, 03, 85, C0, 74, 26, 50, E8, 46, 01, 00, 00, 8B, F0, 46, 56, E8, 31, 14, 00, 00, 59, 59, 89, 47, 04, 85, C0, 74, 12, FF, 33, 56, 50, E8, 12, 46, 00, 00, 83, C4, 0C, EB, 04, 83, 67, 04, 00, C7, 47, 08, 01, 00, 00, 00, 8B, C7, 5F, 5E, 5B, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 8B, C1, 8B, 4D, 08, C7, 00, D0, 62, 41, 00, 8B, 09, 83, 60, 08, 00, 89, 48, 04, 5D, C2, 08, 00, 8B, FF, 55, 8B, EC, 53...

Entropy:
7.8599  (probably packed)

Code size:
83 KB (84,992 bytes)

The file maxiget.pdfebookes.viewer.exe has been seen being distributed by the following URL.

Remove maxiget.pdfebookes.viewer.exe - Powered by Reason Core Security