saveas.exe

Filegetter

Maxiget Limited

This is part of a bundled installer which provides applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application saveas.exe, “Helps file downloading” by Maxiget Limited, has been detected as adware by 31 anti-malware scanners. The file has been seen being downloaded from ds212.simple-get.net.

Publisher:
Company limited (signed by Maxiget Limited)

Product:
Filegetter

Description:
Helps file downloading

Version:
3, 3, 40, 0

MD5:
dd124114ecbed689b3cde1b52e36f078

SHA-1:
02806983a002ca2c37b55997eaaad4d9feef4e1d

SHA-256:
3fb48837ad1719a8833db0a0d95f4eec77ef26c26a8830b2b289da4bf8112b9c

Scanner detections:
31 / 68

Status:
Adware

Explanation:
This is a modified installer version of the software and bundles additional offers including adware.

Analysis date:
5/17/2024 1:50:39 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Adware.Strictor.58208 | 480 |
| Agnitum Outpost | PUA.4Shared | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Downloader | 2015.01.27 |
| Avira AntiVirus | APPL/Downloader.Gen | 7.11.163.2 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-151013 |
| AVG | Generic | 2016.0.2958 |
| Baidu Antivirus | PUA.Win32.4Shared | 4.0.3.151013 |
| Bitdefender | Gen:Variant.Adware.Strictor.58208 | 1.0.20.1430 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Clam AntiVirus | Win.Trojan.4shared-10 | 0.98/20576 |
| Comodo Security | Application.Win32.4Shared.K | 19211 |
| Dr.Web | Adware.Downware.1751 | 9.0.1.0286 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Strictor.58208 | 8.15.10.13.09 |
| ESET NOD32 | Win32/4Shared (variant) | 9.10048 |
| F-Prot | W32/A-22cc26dc | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Adware.Strictor.58208 | 11.2015-13-10_3 |
| G Data | Gen:Variant.Adware.Strictor.58208 | 15.10.24 |
| IKARUS anti.virus | PUA.4Shared.U | t3scan.1.6.1.0 |
| K7 AntiVirus | Unwanted-Program | 13.181.12819 |
| Malwarebytes | PUP.Optional.4Shared | v2015.10.13.09 |
| McAfee | PUP-FIW | 5600.6614 |
| MicroWorld eScan | Gen:Variant.Adware.Strictor.58208 | 16.0.0.858 |
| NANO AntiVirus | Trojan.Win32.Autoruner1.dcjmyy | 0.28.2.60881 |
| Norman | Application.Generic.1189741 | 11.20151013 |
| Panda Antivirus | Trj/Genetic.gen | 15.10.13.09 |
| Reason Heuristics | PUP.New IT Limited.Maxiget (M) | 15.10.13.9 |
| Rising Antivirus | PE:Malware.GetFaster!6.1B62 | 23.00.65.151011 |
| Sophos | 4Share Downloader | 4.98 |
| Vba32 AntiVirus | Downloader.GetFaster | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 31208 |
| Zillya! Antivirus | Backdoor.PePatch.Win32.55587 | 2.0.0.2105 |

File size:
368.3 KB (377,152 bytes)

Product version:
3, 3, 40, 0

Copyright:
2014

Trademarks:
Company(C)

Original file name:
FilegetterInstrumnet

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\saveas.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
6/3/2014 2:11:06 PM

Valid to:
8/15/2016 12:11:32 PM

Subject:
CN=Maxiget Limited, O=Maxiget Limited, L=Limassol, S=Cyprus, C=CY

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
043F9C868704FA

File PE Metadata
Compilation timestamp:
7/3/2014 5:38:41 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:G489ZiC6JP4ftCbVtqNwGZJM7NccN+xtjb59:G5ZiC6JP48ZtqLavNCn

Entry address:
0x2DD81

Entry point:
E8, 6C, 89, 00, 00, E9, 78, FE, FF, FF, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41, FE, 8B...
 
Entropy:
6.4506

Code size:
257.5 KB (263,680 bytes)

The file saveas.exe has been seen being distributed by the following URL.
