mediahuman youtube downlo_10924_i63144542_il345.exe

Maxthon Cloud Portable

A4 TOV

The application mediahuman youtube downlo_10924_i63144542_il345.exe, “Maxthon Cloud Portable (PortableApps.com Launcher)” by A4 TOV, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:
PortableApps.com  (signed by A4 TOV)

Product:
Maxthon Cloud Portable

Description:
Maxthon Cloud Portable (PortableApps.com Launcher)

Version:
2.2.0.0

MD5:
d7eb9de0e240033eb2e357256eccc725

SHA-1:
2a172ef1a422cf051e298b43889a688591d742ef

SHA-256:
27134fdd83dee4206a2182af9392d759a9d61b364b3f9dcd56e803717bf62eed

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/12/2024 4:59:52 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Amonetize (M)

Engine version:
17.3.11.14

File size:
2.4 MB (2,465,248 bytes)

Product version:
2.2.0.0

Copyright:
PortableApps.com

Trademarks:
PortableApps.com is a Trademark of Rare Ideas, LLC.

Original file name:
MaxthonPortable.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\downloads\apps\mediahuman+youtube+downlo\mediahuman youtube downlo_10924_i63144542_il345.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
9/17/2015 5:30:00 AM

Valid to:
9/17/2016 5:29:59 AM

Subject:
CN=A4 TOV, O=A4 TOV, STREET=Bud. 29 vul.Shchorsa, L=Kiev, S=Kiev, PostalCode=01010, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
27FB5DEC4CCFD4F3CF69A6B639C6AD4B

File PE Metadata
Compilation timestamp:
9/24/2015 7:12:49 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x2F8FC4

Entry point:
68, CD, 37, B1, 67, E8, AF, 71, FC, FF, 9B, BB, C1, CC, B5, DF, 63, 75, 0F, D6, 6A, 87, 89, B6, 6B, 94, 73, 86, 75, 95, F9, 30, 1C, D8, A7, EE, FC, 7E, 4C, E7, 96, 7C, 92, FF, 87, 2F, 42, 2F, 24, 09, 9C, 80, 64, 14, 95, 0D, DA, 0C, B7, 2B, 79, 7E, B9, 0C, 48, 6F, 0E, ED, C9, 49, 6A, 45, E7, D1, 44, 8D, 55, B2, A5, 9C, B2, C3, 37, 94, CF, 3F, 51, 10, C6, 7A, DB, 89, B6, 7B, 66, FA, C1, 68, 58, 9C, 95, F4, A7, B2, 11, 6A, 50, 48, 10, F7, DB, 3E, 92, C2, 05, 7C, B5, D3, 10, 75, ED, 5D, 98, 60, 25, 42, B6, 05...
 

Entropy:
7.9891  (probably packed)

Code size:
2.3 MB (2,430,464 bytes)