mgbbet.it.exe

Microgame S.p.A.

The application mgbbet.it.exe by Microgame S.p.A. has been detected as a potentially unwanted program by 5 anti-malware scanners. The program is a setup application built with the Nullsoft Install System installer. The installer uses the Solimba download manager to push adware offers during the download and setup process. The bundled adware includes search and shopping toolbars for web browsers. The file has been observed being downloaded from client2012.peoples.it.
Publisher:
Microgame S.p.A.  (signed and verified)

MD5:
3015e673d94309bb96240ea4535a0103

SHA-1:
3d8584b1ac9c53eaeabe388eb23642069e70317e

SHA-256:
5b52dfa10a5118f8a0531b7b17b8c0a3f4383503c9f216453bd24876b94eb438

Scanner detections:
5 / 68

Status:
Potentially unwanted

Explanation:
Uses the Solimba installer to bundle adware offers.

Analysis date:
4/20/2024 12:11:28 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Clam AntiVirus | WIN.Adware.Solimba-3 | 0.98/213 |
| McAfee | Artemis!5E3CC407E56B | 5600.6607 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 16.12.6.0 |
| Trend Micro House Call | TROJ_GE.257D314F | 7.2.293 |
| Vba32 AntiVirus | Downware.Morstar | 3.12.26.0 |

File size:
15.5 MB (16,273,904 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Common path:
C:\users\{user}\downloads\mgbbet.it.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
10/1/2013 2:00:00 AM

Valid to:
10/15/2015 1:59:59 AM

Subject:
CN=Microgame S.p.A., OU=Web, O=Microgame S.p.A., L=Benevento, S=Benevento, C=IT

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
5E41ECAF27EC48B8D67DB85F5945B728

File PE Metadata
Compilation timestamp:
8/30/2011 5:46:32 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.21

CTPH (ssdeep):
393216:IFtRWH+c4KIUJpOQ2AuJTNoR5XNBlrp7OsHt4ppaXYRLGlgL9Lgws0kcfD:8k+c4K973ulkp9qppaXYRlLxgN0kcb

Entry address:
0x4131

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 33, 43, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 34, 43, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 34, 43, 00, 56, A3, F4, 17, 43, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8B, 3B, 00, 00, A3, 50, 18, 43, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, A9, B2, 40, 00, FF, 15, AC, 34, 43, 00, 83, EC, 14, C7, 44, 24, 04, AA, B2, 40, 00, C7...
 

Code size:
33.5 KB (34,304 bytes)

The file mgbbet.it.exe has been seen being distributed by the following URL.
