home

nfs underground 2.exe

Asper

Maxiget Limited

This is a bundle installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application nfs underground 2.exe by Maxiget Limited has been detected as adware by 24 anti-malware scanners. The program is a setup application that uses the New IT Desktop Setup installer. It is also typically executed from the user's temporary directory.
Publisher:
C Vital  (signed by Maxiget Limited)

Product:
Asper

Description:
LeaveLoadLoud

Version:
4, 10, 30, 0

MD5:
2a614b5d9eea04c056118e284a6bbd81

SHA-1:
47b663c4c0ffb6102782c35d569a5a257dc41054

SHA-256:
90ca1917b7afb6ecd42188f0440d1f6e7f7381594f2444b9f73ef78794e7bf3a

Scanner detections:
24 / 68

Status:
Adware

Explanation:
This is a modified installer version of the software and bundles additional offers including adware.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/23/2024 8:17:00 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.4Shared
7.1.1

AhnLab V3 Security
PUP/Win32.Downloader
2015.02.19

Avira AntiVirus
APPL/Downloader.Gen4
7.11.202.28

avast!
Win32:FourShared-AI [PUP]
150319-0

AVG
Generic
2016.0.3153

Baidu Antivirus
Adware.Win32.4Shared
4.0.3.1541

Clam AntiVirus
Win.Adware.Purd
0.98/20118

Comodo Security
Application.Win32.4shared.GSP
20900

Dr.Web
Adware.Downware.1751
9.0.1.05190

ESET NOD32
Win32/4Shared.AM potentially unwanted (variant)
9.11373

F-Prot
W32/S-367fc245
v6.4.7.1.166

herdProtect (fuzzy)
variant of delphi 7 portable.exe (Adware)
2015.6.29.23

IKARUS anti.virus
PUA.4Shared
t3scan.1.8.6.0

K7 AntiVirus
Adware
13.202.15369

Kaspersky
not-a-virus:Downloader.Win32.4Shared
14.0.0.2294

McAfee
4shared
5600.6809

NANO AntiVirus
Trojan.Win32.4Shared.dmovte
0.30.0.64812

nProtect
Adware.PURD
15.02.27.01

Panda Antivirus
Trj/Genetic.gen
15.04.01.12

Qihoo 360 Security
Malware.QVM07.Gen
1.0.0.1015

Reason Heuristics
PUP.New IT Limited.Bundler
15.4.24.0

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.3

VIPRE Antivirus
Threat.4150696
36694

Zillya! Antivirus
Backdoor.CPEX.Win32.30311
2.0.0.2076

File size:
602.2 KB (616,680 bytes)

Product version:
4, 10, 30, 0

Copyright:
Conical (c)

Trademarks:
TM2-15

Original file name:
lltmoping.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
New IT Desktop Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\nfs underground 2.exe

Digital Signature
Signed by:
Maxiget Limited

Authority:
GoDaddy.com, Inc.

Valid from:
12/11/2014 1:36:00 PM

Valid to:
8/15/2016 8:41:32 AM

Subject:
CN=Maxiget Limited, O=Maxiget Limited, L=Limassol, S=Cyprus, C=CY

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B83CBF523FA3B

File PE Metadata
Compilation timestamp:
3/24/2015 11:57:59 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:7qnLnINXrlCR4YU2IByICBLrnke5Q28nI:7oDINXrlCRpACBLrhO2P

Entry address:
0x222F

Entry point:
E8, F8, 15, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 8B, 00, 81, 38, 63, 73, 6D, E0, 75, 2A, 83, 78, 10, 03, 75, 24, 8B, 40, 14, 3D, 20, 05, 93, 19, 74, 15, 3D, 21, 05, 93, 19, 74, 0E, 3D, 22, 05, 93, 19, 74, 07, 3D, 00, 40, 99, 01, 75, 05, E8, 4D, 16, 00, 00, 33, C0, 5D, C2, 04, 00, 68, 39, 22, 40, 00, FF, 15, AC, 80, 40, 00, 33, C0, C3, 8B, FF, 55, 8B, EC, 57, BF, E8, 03, 00, 00, 57, FF, 15, B4, 80, 40, 00, FF, 75, 08, FF, 15, B0, 80, 40, 00, 81, C7, E8, 03, 00, 00, 81, FF, 60, EA, 00...
 
[+]

Code size:
27.5 KB (28,160 bytes)

Remove nfs underground 2.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.