» saveas.exe
Overview
Analysis
File Details
Downloads (1)

saveas.exe

Filegetter

Maxiget Limited

This is a bundle installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application saveas.exe, “Helps file downloading” by Maxiget Limited has been detected as adware by 31 anti-malware scanners. The program is a setup application that uses the New IT Desktop Setup installer. The file has been seen being downloaded from ds212.simple-get.net.

File name:

saveas.exe

Publisher:

Company limited (signed by Maxiget Limited)

Product:

Filegetter

Description:

Helps file downloading

Version:

3, 3, 40, 0

MD5:

97723bc4947a2ddcdb23d0b369b39918

SHA-1:

82057832ed077cc429665a7b4c699999c1a5d2e8

Scanner detections:

31 / 68

Status:

Adware

Explanation:

This is a modified installer version of the software and bundles additional offers including adware.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

5/20/2024 9:55:33 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.Strictor.58208

369

Agnitum Outpost

PUA.4Shared

7.1.1

AhnLab V3 Security

PUP/Win32.Downloader

2014.11.20

Avira AntiVirus

APPL/Downloader.Gen

7.11.163.2

avast!

Win32:Adware-gen [Adw]

2014.9-160201

AVG

Generic

2017.0.2847

Baidu Antivirus

PUA.Win32.4Shared

4.0.3.1621

Bitdefender

Gen:Variant.Adware.Strictor.58208

1.0.20.160

Bkav FE

HW32.Packed

1.3.0.4959

Clam AntiVirus

Win.Trojan.4shared-10

0.98/20576

Comodo Security

Application.Win32.4Shared.K

19211

Dr.Web

Adware.Downware.1751

9.0.1.032

Emsisoft Anti-Malware

Gen:Variant.Adware.Strictor.58208

8.16.02.01.10

ESET NOD32

Win32/4Shared.U potentially unwanted application

10.7.0.302.0

F-Prot

W32/A-22cc26dc

v6.4.7.1.166

F-Secure

Gen:Variant.Adware.Strictor.58208

11.2016-01-02_2

G Data

Win32.Application.4shared

16.2.24

IKARUS anti.virus

PUA.4Shared.U

t3scan.1.6.1.0

K7 AntiVirus

Unwanted-Program

13.181.12819

Malwarebytes

PUP.Optional.4Shared

v2016.02.01.10

McAfee

PUP-FIW

5600.6503

MicroWorld eScan

Gen:Variant.Adware.Strictor.58208

17.0.0.96

NANO AntiVirus

Trojan.Win32.Autoruner1.dcjmyy

0.28.2.60881

Norman

Application.Generic.1189741

11.20160201

Panda Antivirus

Trj/Genetic.gen

16.02.01.10

Reason Heuristics

PUP.New IT Limited.Maxiget.Bundler (M)

16.2.1.10

Rising Antivirus

PE:Malware.GetFaster!6.1B62

23.00.65.16130

Sophos

4Share Downloader

4.98

Vba32 AntiVirus

Downloader.GetFaster

3.12.26.3

VIPRE Antivirus

Threat.4150696

31208

Zillya! Antivirus

Backdoor.PePatch.Win32.55587

2.0.0.2105

File size:

365.8 KB (374,592 bytes)

Product version:

3, 3, 40, 0

2014

Trademarks:

Company(C)

Original file name:

FilegetterInstrumnet

File type:

Executable application (Win32 EXE)

Bundler/Installer:

New IT Desktop Setup

Language:

Language Neutral

Common path:

C:\documents and settings\mike\mes documents\downloads\saveas.exe

Digital Signature

Signed by:

Maxiget Limited

Authority:

GoDaddy.com, Inc.

Valid from:

6/3/2014 3:41:06 AM

Valid to:

8/15/2016 1:41:32 AM

Subject:

CN=Maxiget Limited, O=Maxiget Limited, L=Limassol, S=Cyprus, C=CY

Issuer:

CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

043F9C868704FA

File PE Metadata

Compilation timestamp:

7/3/2014 7:08:41 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

6144:s489ZiC6JP4ftCbVtqNwGZJM7NccxIWEIU:s5ZiC6JP48ZtqLavxIWu

Entry address:

0x2DD81

Entry point:

E8, 6C, 89, 00, 00, E9, 78, FE, FF, FF, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41, FE, 8B... 
[+]

Code size:

257.5 KB (263,680 bytes)

The file saveas.exe has been seen being distributed by the following URL.

https://ds212.simple-get.net/smart-download/.../SaveAs.exe

Remove saveas.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.