home

mecasoft_pro_5_0_windows_downloader.exe

Safe Decision, Inc

The application mecasoft_pro_5_0_windows_downloader.exe by Safe Decision, Inc has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Safe Decision, Inc  (signed and verified)

MD5:
5fcad00f710c2e2e5a860486ae9dcb65

SHA-1:
1e63de99160a60f05287b5b38712562ad4d07d2b

SHA-256:
1e0177246da746d36e716fe04bdf35c81ef29a491ba5699ffc0e2436b5e7f954

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
5/7/2024 5:53:19 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.EasyDownloads.SafeDecision (M)
16.1.20.21

File size:
4.4 MB (4,648,416 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\mecasoft_pro_5_0_windows_downloader.exe

Digital Signature
Signed by:
Safe Decision, Inc

Authority:
The USERTRUST Network

Valid from:
4/19/2010 2:00:00 AM

Valid to:
4/19/2012 1:59:59 AM

Subject:
CN="Safe Decision, Inc", O="Safe Decision, Inc", STREET=16192 Coastal Highway, L=Lewes, S=Delaware, PostalCode=19958, C=US

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
6DC4F2ADB6C01EB5AFC087B875031CE2

File PE Metadata
Compilation timestamp:
11/14/2011 4:08:59 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
98304:y1Zsw3adRKJfVjIeDu2I/qNtoAjkM5k7yeXYh:y1iiaDKhVj5nLodMEyeE

Entry address:
0x5D5889

Entry point:
68, A8, 48, E9, 90, E8, D4, A5, 2C, 00, 1E, 95, C6, 4D, FD, A1, 99, 50, 8C, C1, F7, 6E, C7, F2, 54, D4, 81, 2A, 91, 89, 3F, C1, 14, 23, 8A, 3F, 27, 74, E2, 88, CE, 9C, 7A, ED, 13, 29, B6, 25, D5, 8C, C1, FD, E4, 8A, F5, 3B, 50, 9C, 52, E1, 58, A8, E9, C8, CF, 63, 56, 22, F8, 16, 96, 83, 14, 70, 28, 0A, 5C, BD, B9, 35, BE, 40, BB, 9F, B4, FB, 2F, 3C, 84, 07, 09, E9, DA, D4, 0E, E4, 7F, 8A, 4B, C9, 62, E3, 9B, 73, 1B, 16, 2F, D1, 09, 58, E5, AD, AD, 39, 8F, D6, 93, B5, D3, 4A, 75, 6E, 79, FE, EF, 00, 56, 7A...
 
[+]

Code size:
8.6 MB (9,043,968 bytes)

Remove mecasoft_pro_5_0_windows_downloader.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.