» mggiocopiu.it.exe
Overview
Analysis
File Details

mggiocopiu.it.exe

Microgame S.p.A.

The application mggiocopiu.it.exe by Microgame S.p.A has been detected as a potentially unwanted program by 3 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. The installer uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars.

File name:

mggiocopiu.it.exe

Publisher:

Microgame S.p.A. (signed and verified)

MD5:

4546c791252aa8d54d04e4eb05326020

SHA-1:

4beecd65bd6bbddecde304331f4f3e108b212c33

SHA-256:

8841215ffafec5a66ea153f2836b64f6a0a6164d9bf0bdd0a8354db8f10c5e90

Scanner detections:

3 / 68

Status:

Potentially unwanted

Explanation:

Uses the Solimba installer to bundle adware offers.

Analysis date:

4/27/2024 4:19:38 AM UTC (today)

Scan engine

Detection

Engine version

Clam AntiVirus

WIN.Adware.Solimba-3

0.98/18155

Reason Heuristics

Threat.Win.Reputation.IMP

16.12.1.16

Trend Micro House Call

TROJ_GEN.F47V0528

7.2.295

File size:

15.5 MB (16,275,032 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Nullsoft Install System

Common path:

C:\users\{user}\downloads\mggiocopiu.it.exe

Digital Signature

Signed by:

Microgame S.p.A.

Authority:

Thawte, Inc.

Valid from:

9/21/2011 2:00:00 AM

Valid to:

10/15/2013 1:59:59 AM

Subject:

CN=Microgame S.p.A., OU=Web, O=Microgame S.p.A., L=Benevento, S=Benevento, C=IT

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

7CA39B056B5896173B4E7CF7B69317E5

File PE Metadata

Compilation timestamp:

8/30/2011 5:46:32 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.21

CTPH (ssdeep):

393216:dFtRWH+c4KIUJpOQ2AuJTNoR5XNBlrp7OsHt4ppaXYRLGlgL9Lgj3rs0kcfu:/k+c4K973ulkp9qppaXYRlLxgU0kc2

Entry address:

0x4131

Entry point:

55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 33, 43, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 34, 43, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 34, 43, 00, 56, A3, F4, 17, 43, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8B, 3B, 00, 00, A3, 50, 18, 43, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, A9, B2, 40, 00, FF, 15, AC, 34, 43, 00, 83, EC, 14, C7, 44, 24, 04, AA, B2, 40, 00, C7... 
[+]

Code size:

33.5 KB (34,304 bytes)

Remove mggiocopiu.it.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.