» quem me roubou de mim padre fabio de melo 2011 livro.exe
Overview
Analysis
File Details

quem me roubou de mim padre fabio de melo 2011 livro.exe

Midia Technologies LLC

The file quem me roubou de mim padre fabio de melo 2011 livro.exe by Midia Technologies has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Midia Downloader installer. It is also typically executed from an Internet Explorer cache folder.

File name:

Publisher:

Arquivo Solicitado (signed by Midia Technologies LLC)

Product:

Arquivo Solicitado

Version:

1.0.0.0

MD5:

84959a3ec43b717a81721a14ae68ff55

SHA-1:

5ed606b2a5c7f6575b2450093e08209e6510a28c

SHA-256:

e8ca2e9c9ddaa4104c33e9db7f009cef886d4e170ad4b623b4ec0288dc8385bd

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

4/26/2024 12:44:43 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Midia Technologies (M)

17.3.15.23

File size:

485.5 KB (497,192 bytes)

Product version:

1.0.0.0

Bundler/Installer:

Midia Downloader

Language:

Brazilian Portuguese

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\quem me roubou de mim padre fabio de melo 2011 livro.exe.qrfleky.partial

Digital Signature

Signed by:

Midia Technologies LLC

Authority:

Unizeto Technologies S.A.

Valid from:

8/8/2013 2:19:34 AM

Valid to:

8/8/2014 2:19:34 AM

Subject:

E=midiatechnologies@gmail.com, CN="Open Source Developer, Midia Technologies", O=Midia Technologies LLC, C=US

Issuer:

CN=Certum Level III CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:

3812CCED5E4481D3AE657175C8E91AFF

File PE Metadata

Compilation timestamp:

6/19/1992 7:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

Entry address:

0x14D4B0

Entry point:

60, BE, 00, C0, 4D, 00, 8D, BE, 00, 50, F2, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89... 
[+]

Packer / compiler:

UPX 2.90LZMA

Code size:

456 KB (466,944 bytes)

Remove quem me roubou de mim padre fabio de melo 2011 livro.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.