saveas.exe

Filegetter

Maxiget Limited

This is part of a bundled installer which provides applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application saveas.exe, “Helps file downloading” by Maxiget Limited has been detected as adware by 31 anti-malware scanners. The file has been seen being downloaded from sly.simple-get.net.

Publisher:
Company limited (signed by Maxiget Limited)

Product:
Filegetter

Description:
Helps file downloading

Version:
3, 3, 40, 0

MD5:
788ed3eb92ac002111b083c1de3b012a

SHA-1:
3d314e820efba8a3e389bdfa1cf6a81d24445c37

SHA-256:
e2d44c956588b584c9de2d5eed191fe9c24d6a23a09000f64bf414d17f5c878e

Scanner detections:
31 / 68

Status:
Adware

Explanation:
This is a modified installer version of the software and bundles additional offers including adware.

Analysis date:
5/21/2024 8:51:53 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Adware.Strictor.58208 | 356 |
| Agnitum Outpost | PUA.4Shared | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Downloader | 2014.11.20 |
| Avira AntiVirus | APPL/Downloader.Gen | 7.11.163.2 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-160213 |
| AVG | Generic | 2017.0.2834 |
| Baidu Antivirus | PUA.Win32.4Shared | 4.0.3.16213 |
| Bitdefender | Gen:Variant.Adware.Strictor.58208 | 1.0.20.220 |
| Bkav FE | HW32.Packed | 1.3.0.4959 |
| Clam AntiVirus | Win.Trojan.4shared-10 | 0.98/20576 |
| Comodo Security | Application.Win32.4Shared.K | 19211 |
| Dr.Web | Adware.Downware.1751 | 9.0.1.044 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Strictor.58208 | 8.16.02.13.02 |
| ESET NOD32 | Win32/4Shared.U potentially unwanted application | 10.7.0.302.0 |
| F-Prot | W32/A-22cc26dc | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Adware.Strictor.58208 | 11.2016-13-02_7 |
| G Data | Win32.Application.4shared | 16.2.24 |
| IKARUS anti.virus | PUA.4Shared.U | t3scan.1.6.1.0 |
| K7 AntiVirus | Unwanted-Program | 13.181.12819 |
| Malwarebytes | PUP.Optional.4Shared | v2016.02.13.02 |
| McAfee | PUP-FIW | 5600.6490 |
| MicroWorld eScan | Gen:Variant.Adware.Strictor.58208 | 17.0.0.132 |
| NANO AntiVirus | Trojan.Win32.Autoruner1.dcjmyy | 0.28.2.60881 |
| Norman | Application.Generic.1189741 | 11.20160213 |
| Panda Antivirus | Trj/Genetic.gen | 16.02.13.02 |
| Reason Heuristics | PUP.New IT Limited.Maxiget (M) | 16.2.13.14 |
| Rising Antivirus | PE:Malware.GetFaster!6.1B62 | 23.00.65.16211 |
| Sophos | 4Share Downloader | 4.98 |
| Vba32 AntiVirus | Downloader.GetFaster | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 31208 |
| Zillya! Antivirus | Backdoor.PePatch.Win32.55587 | 2.0.0.2105 |

File size:
368 KB (376,784 bytes)

Product version:
3, 3, 40, 0

Copyright:
2014

Trademarks:
Company(C)

Original file name:
FilegetterInstrumnet

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\saveas.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
6/3/2014 2:11:06 PM

Valid to:
8/15/2016 12:11:32 PM

Subject:
CN=Maxiget Limited, O=Maxiget Limited, L=Limassol, S=Cyprus, C=CY

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
043F9C868704FA

File PE Metadata
Compilation timestamp:
7/3/2014 5:38:41 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:E489ZiC6JP4ftCbVtqNwGZJM7NccNYBzipYK0QbD:E5ZiC6JP48ZtqLavNvi+

Entry address:
0x2DD81

Entry point:
E8, 6C, 89, 00, 00, E9, 78, FE, FF, FF, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41, FE, 8B...
 

Entropy:
6.4524

Code size:
257.5 KB (263,680 bytes)

The file saveas.exe has been seen being distributed by the following URL.
