saveas.exe

Maxiget Limited

This file is part of a bundled installer that delivers applications together with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application saveas.exe by Maxiget Limited has been detected as adware by 11 anti-malware scanners. The file has been observed being downloaded from stl.files-fast.net.
Publisher:
Maxiget Limited  (signed and verified)

Version:
3, 3, 50, 0

MD5:
66dc0552226d3287b762d981d2439d2c

SHA-1:
3e084c40fc10967c733262fdbcf196e54414fb35

SHA-256:
58936be55856ef0896c7c17731fba1519b2c805c93b6752fcf01c46c3f094873

Scanner detections:
11 / 68

Status:
Adware

Explanation:
This is a modified installer version of the software and bundles additional offers including adware.

Analysis date:
4/23/2024 1:21:06 PM UTC

Scan engine          Detection                                          Engine version
Avira AntiVirus      APPL/Downloader.Gen                                7.11.165.124
avast!               Win32:Adware-gen [Adw]                             2014.9-141031
AVG                  Generic                                            2015.0.3305
Comodo Security      Application.Win32.4Shared.K                        19096
Dr.Web               Adware.Downware.1751                               9.0.1.0304
ESET NOD32           Win32/4Shared.U potentially unwanted application   8.7.0.302.0
G Data               Win32.Application.4shared                          14.10.24
herdProtect (fuzzy)                                                     2014.10.31.9
Malwarebytes         PUP.Optional.4Shared                               v2014.10.31.05
Reason Heuristics    PUP.MaxigetLimited.G                               14.8.14.19
Sophos               4Share Downloader                                  4.98

File size:
434 KB (444,416 bytes)

Product version:
3, 3, 50, 0

Copyright:
2014

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\saveas.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
6/3/2014 1:41:06 AM

Valid to:
8/14/2016 11:41:32 PM

Subject:
CN=Maxiget Limited, O=Maxiget Limited, L=Limassol, S=Cyprus, C=CY

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
043F9C868704FA

File PE Metadata
Compilation timestamp:
7/30/2014 3:20:06 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:BW1Lhm/SF9U5gs5+yljl+Gyj+5GNELz2KF8X:BW1LhmeG5L5+yljER+5GN42Ka

Entry address:
0x2BC8B

Entry point:
E8, F6, A3, 00, 00, E9, 78, FE, FF, FF, CC, 8B, FF, 55, 8B, EC, 83, EC, 14, A1, B8, ED, 44, 00, 33, C5, 89, 45, FC, 53, 56, 33, DB, 57, 8B, F1, 39, 1D, 04, 06, 45, 00, 75, 38, 53, 53, 33, FF, 47, 57, 68, 94, 3F, 44, 00, 68, 00, 01, 00, 00, 53, FF, 15, 60, 11, 44, 00, 85, C0, 74, 08, 89, 3D, 04, 06, 45, 00, EB, 15, FF, 15, E4, 10, 44, 00, 83, F8, 78, 75, 0A, C7, 05, 04, 06, 45, 00, 02, 00, 00, 00, 39, 5D, 14, 7E, 22, 8B, 4D, 14, 8B, 45, 10, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, 45, 14, 2B...

Entropy:
6.8689

Code size:
255 KB (261,120 bytes)

The file saveas.exe has been seen being distributed by the following URL.
