saveas.exe

Filegetter

Maxiget Limited

This is part of a bundled installer which provides applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application saveas.exe, “Helps file downloading” by Maxiget Limited, has been detected as adware by 31 anti-malware scanners. The file has been seen being downloaded from ds133.files-fast.net.

Publisher:
Company limited (signed by Maxiget Limited)

Product:
Filegetter

Description:
Helps file downloading

Version:
3, 3, 40, 0

MD5:
85d822fb5481bc4a549ebe89ced3a4a7

SHA-1:
1ddb0b75ff259f6cf0039b882bbef8d10fb61d09

SHA-256:
57d9315783d86b1c9c3f95655bbb3f33a6244aaed9bf92f5f235b9fcd9b6a23d

Scanner detections:
31 / 68

Status:
Adware

Explanation:
This is a modified installer version of the software and bundles additional offers including adware.

Analysis date:
4/26/2024 1:34:51 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Adware.Strictor.58208 | 354 |
| Agnitum Outpost | PUA.4Shared | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Downloader | 2014.11.20 |
| Avira AntiVirus | APPL/Downloader.Gen | 7.11.163.2 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-160215 |
| AVG | Generic | 2017.0.2832 |
| Baidu Antivirus | PUA.Win32.4Shared | 4.0.3.16215 |
| Bitdefender | Gen:Variant.Adware.Strictor.58208 | 1.0.20.230 |
| Bkav FE | HW32.Packed | 1.3.0.4959 |
| Clam AntiVirus | Win.Trojan.4shared-10 | 0.98/20576 |
| Comodo Security | Application.Win32.4Shared.K | 19211 |
| Dr.Web | Adware.Downware.1751 | 9.0.1.046 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Strictor.58208 | 8.16.02.15.12 |
| ESET NOD32 | Win32/4Shared.U potentially unwanted application | 10.7.0.302.0 |
| F-Prot | W32/A-22cc26dc | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Adware.Strictor.58208 | 11.2016-15-02_2 |
| G Data | Win32.Application.4shared | 16.2.24 |
| IKARUS anti.virus | PUA.4Shared.U | t3scan.1.6.1.0 |
| K7 AntiVirus | Unwanted-Program | 13.181.12819 |
| Malwarebytes | PUP.Optional.4Shared | v2016.02.15.12 |
| McAfee | PUP-FIW | 5600.6488 |
| MicroWorld eScan | Gen:Variant.Adware.Strictor.58208 | 17.0.0.138 |
| NANO AntiVirus | Trojan.Win32.Autoruner1.dcjmyy | 0.28.2.60881 |
| Norman | Application.Generic.1189741 | 11.20160215 |
| Panda Antivirus | Trj/Genetic.gen | 16.02.15.12 |
| Reason Heuristics | PUP.New IT Limited.Maxiget (M) | 16.2.15.12 |
| Rising Antivirus | PE:Malware.GetFaster!6.1B62 | 23.00.65.16213 |
| Sophos | 4Share Downloader | 4.98 |
| Vba32 AntiVirus | Downloader.GetFaster | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 31208 |
| Zillya! Antivirus | Backdoor.PePatch.Win32.55587 | 2.0.0.2105 |

File size:
443.5 KB (454,160 bytes)

Product version:
3, 3, 40, 0

Copyright:
2014

Trademarks:
Company(C)

Original file name:
FilegetterInstrumnet

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\saveas.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
6/3/2014 3:41:06 PM

Valid to:
8/15/2016 1:41:32 PM

Subject:
CN=Maxiget Limited, O=Maxiget Limited, L=Limassol, S=Cyprus, C=CY

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
043F9C868704FA

File PE Metadata
Compilation timestamp:
7/3/2014 7:09:23 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:hfMcf851TZI7UQ3EbYg50H3Bf6kELz2KFklU:h0ckhFQ+Yg50Hxfp42KKU

Entry address:
0x2B30B

Entry point:
E8, FD, A3, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 14, A1, A8, ED, 44, 00, 33, C5, 89, 45, FC, 53, 56, 33, DB, 57, 8B, F1, 39, 1D, 04, 06, 45, 00, 75, 38, 53, 53, 33, FF, 47, 57, 68, 60, 3E, 44, 00, 68, 00, 01, 00, 00, 53, FF, 15, 50, 11, 44, 00, 85, C0, 74, 08, 89, 3D, 04, 06, 45, 00, EB, 15, FF, 15, CC, 10, 44, 00, 83, F8, 78, 75, 0A, C7, 05, 04, 06, 45, 00, 02, 00, 00, 00, 39, 5D, 14, 7E, 22, 8B, 4D, 14, 8B, 45, 10, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, 45, 14, 2B, C1...
 

Entropy:
6.9178

Code size:
252.5 KB (258,560 bytes)

The file saveas.exe has been seen being distributed by the following URL.
