saveas.exe

CHummer

Maxiget Software

This file is part of a bundled installer that presents applications together with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application saveas.exe by Maxiget Software (its version-resource Description field is empty) has been detected as adware by 14 of 68 anti-malware scanners. The file has been seen being downloaded from pty.files-download-17.com.
Publisher:
Elit -e - Company  (signed by Maxiget Software)

Product:
CHummer

Description:
Description is empty

Version:
3, 5, 13, 0

MD5:
df6069b9ba44e0ed89fe510373359967

SHA-1:
c1e03eb89a8cc38e804b9b1bbac107d65356ae44

SHA-256:
52a9bd74ca4afe3189da6401dda4641ae19e4bfe2b9595c2df3f789100537170

Scanner detections:
14 / 68

Status:
Adware

Analysis date:
4/19/2024 11:34:14 PM UTC

Scan engine             Detection                                                     Engine version
AegisLab AV Signature   Win.Troj                                                      2.1.4+
Agnitum Outpost         PUA.Downloader                                                7.1.1
Avira AntiVirus         APPL/Downloader.Gen8                                          7.11.180.234
AVG                     Generic                                                       2015.0.3312
Clam AntiVirus          Win.Trojan.4shared-26                                         0.98/21411
ESET NOD32              probably Win32/4Shared.X potentially unwanted application     7.0.302.0
G Data                  Win32.Application.4shared                                     14.10.24
Kaspersky               not-a-virus:Downloader.Win32.AdLoad                           15.0.0.494
Malwarebytes            PUP.Optional.Elite                                            v2014.10.24.06
McAfee                  4shared                                                       5600.6968
NANO AntiVirus          Trojan.Win32.AdLoad.dgahty                                    0.28.2.62841
Reason Heuristics       PUP.MaxigetSoftware.G                                         14.10.24.5
Vba32 AntiVirus         Downloader.AdLoad                                             3.12.26.3
Zillya! Antivirus       Downloader.Adload.Win32.17712                                 2.0.0.1966

File size:
37.2 KB (38,072 bytes)

Product version:
3, 5, 13, 0

Copyright:
2014

Trademarks:
No

Original file name:
DHelper

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\??????????\saveas.exe

Digital Signature
Authority:
Maxiget CA

Valid from:
6/18/2014 1:55:18 PM

Valid to:
2/18/2016 1:55:17 PM

Subject:
CN=Maxiget Software

Issuer:
CN=Maxiget CA

Serial number:
17A0EA9F

Note: the certificate is issued by "Maxiget CA", a CA carrying the publisher's own name rather than a publicly trusted Authenticode root, so the "signed by Maxiget Software" status above does not establish publisher trust; Windows reports such a chain as untrusted unless that CA has been installed on the machine. The certificate's validity window also ended on 2/18/2016, well before the analysis date shown above, so without a trusted timestamp countersignature the signature no longer verifies at all.

File PE Metadata
Compilation timestamp:
9/5/2014 7:53:24 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0 (Visual Studio 2008 toolchain)

CTPH (ssdeep):
768:1Owfivq/RsoZNUYbmSChHUborYp9vZ12CTC+06:B3mhhfYp9x12CTCw

Entry address:
0x3210

Entry point:
55, 8B, EC, 83, E4, F8, 83, EC, 0C, 53, 56, 57, 8D, 44, 24, 10, 50, C7, 44, 24, 14, 08, 00, 00, 00, C7, 44, 24, 18, 20, 00, 00, 00, FF, 15, 00, 40, 40, 00, 68, 28, 0A, 00, 00, 68, A0, 1F, B9, 00, 6A, 00, FF, 15, 94, 40, 40, 00, 6A, 00, 68, 80, 00, 00, 00, 6A, 03, 6A, 00, 6A, 01, 68, 00, 00, 00, 80, 68, A0, 1F, B9, 00, FF, 15, 8C, 40, 40, 00, 8B, F8, 83, FF, FF, 0F, 84, 30, 01, 00, 00, E8, BA, E3, FF, FF, 57, 8B, 3D, 90, 40, 40, 00, 8A, D8, FF, D7, 84, DB, 0F, 84, 18, 01, 00, 00, 66, 83, 3D, C8, A0, 40, 00...

Entropy:
5.2961

Developed / compiled with:
Microsoft Visual C++

Code size:
9 KB (9,216 bytes)
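As an added example (not tooling from Reason Core Security or from the publisher), the following Python script, using only the standard library, reproduces the checks a practitioner would run on a copy of saveas.exe against the figures on this page: it hashes the file and compares against the listed MD5/SHA-1/SHA-256, parses the PE32 headers for the compilation timestamp, linker and OS versions, subsystem, code size and entry-point RVA, reads the first bytes at the entry point and compares them with the listed prologue (55 8B EC 83 E4 F8 83 EC 0C 53 56 57 decodes to push ebp; mov ebp,esp; and esp,-8; sub esp,0Ch; push ebx; push esi; push edi, the usual MSVC prologue), computes Shannon entropy, and reports whether an Authenticode blob is present at all. Further along the listed bytes there are three indirect calls through the import table (FF 15 …); the third is preceded by pushes of 0, 80h, 3, 0, 1, 80000000h and a buffer pointer and followed by a compare of the result against -1, which is the argument shape of a CreateFileA open for reading checked against INVALID_HANDLE_VALUE, but the import names are not shown on this page, so treat that as a reading of the bytes rather than a confirmed API. The ssdeep (CTPH) digest is not reproduced because it needs the ssdeep library. Because the real sample is not distributed here, build_sample_pe() fabricates a tiny PE32 stand-in with the same header values; its hashes will not match the page, which is the expected result for any file other than the original.

```python
"""Offline triage of a Win32 PE against the indicators on this page.
Added example, standard library only; build_sample_pe() is a constructed stand-in."""
import hashlib
import math
import struct
from datetime import datetime, timezone

# Indicators copied from the page for saveas.exe.
PAGE_HASHES = {
    "md5": "df6069b9ba44e0ed89fe510373359967",
    "sha1": "c1e03eb89a8cc38e804b9b1bbac107d65356ae44",
    "sha256": "52a9bd74ca4afe3189da6401dda4641ae19e4bfe2b9595c2df3f789100537170",
}
# First listed entry-point bytes: push ebp / mov ebp,esp / and esp,-8 /
# sub esp,0Ch / push ebx / push esi / push edi (standard MSVC prologue).
PAGE_ENTRY_PREFIX = bytes.fromhex("558BEC83E4F883EC0C535657")
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def hashes_of(data):
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def shannon_entropy(data):
    """Bits per byte in 0..8; packed or encrypted payloads sit near 7-8."""
    if not data:
        return 0.0
    n, counts = len(data), [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe32(data):
    """Extract the header fields this page reports from a PE32 file image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe + 4
    _machine, nsec, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, lnk_major, lnk_minor, code_size = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    # Data directory 4 is the Authenticode (WIN_CERTIFICATE) blob. Presence only
    # means a signature exists; it says nothing about whether the chain is trusted.
    _sec_off, sec_size = struct.unpack_from("<II", data, opt + 96 + 4 * 8)
    # Section headers: Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
    sections = [struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i) for i in range(nsec)]

    def rva_to_offset(rva):
        for _name, vsize, va, rawsize, rawptr in sections:
            if va <= rva < va + max(vsize, rawsize):
                return rawptr + (rva - va)
        raise ValueError("RVA 0x%x is not backed by any section" % rva)

    entry_off = rva_to_offset(entry_rva)
    return {
        "compile_time": datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "linker": "%d.%d" % (lnk_major, lnk_minor),
        "os_version": "%d.%d" % (os_major, os_minor),
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "code_size": code_size,
        "entry_rva": entry_rva,
        "entry_bytes": bytes(data[entry_off:entry_off + 16]),
        "has_authenticode_blob": sec_size > 0,
    }


def triage(data):
    """Hash the image, compare with the page's indicators and parse the headers."""
    report = parse_pe32(data)
    report["hashes"] = hashes_of(data)
    report["matches_page"] = {a: report["hashes"][a] == PAGE_HASHES[a] for a in PAGE_HASHES}
    report["entropy"] = round(shannon_entropy(data), 4)
    report["entry_matches_page"] = report["entry_bytes"].startswith(PAGE_ENTRY_PREFIX)
    return report


def build_sample_pe(entry_bytes=PAGE_ENTRY_PREFIX + b"\xC3", compiled=None):
    """Constructed PE32 stand-in: one .text section, no imports, no signature.
    Header values mirror the page (linker 9.0, OS 5.0, GUI subsystem, 2014-09-05 stamp)."""
    if compiled is None:
        compiled = datetime(2014, 9, 5, 19, 53, 24, tzinfo=timezone.utc)
    file_align, hdr_size, text_rva = 0x200, 0x200, 0x1000
    raw_size = -(-len(entry_bytes) // file_align) * file_align
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew
    opt = bytearray(0xE0)
    struct.pack_into("<HBBIIII", opt, 0, 0x10B, 9, 0, raw_size, 0, 0, text_rva)
    struct.pack_into("<IIIII", opt, 20, text_rva, 0x2000, 0x400000, 0x1000, file_align)
    struct.pack_into("<HHHH", opt, 40, 5, 0, 0, 0)  # OS version 5.0, image version 0.0
    struct.pack_into("<HH", opt, 48, 5, 0)  # subsystem version
    struct.pack_into("<II", opt, 56, 0x2000, hdr_size)  # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)  # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<I", opt, 92, 16)  # NumberOfRvaAndSizes
    coff = struct.pack("<HHIIIHH", 0x14C, 1, int(compiled.timestamp()), 0, 0, len(opt), 0x0102)
    text = struct.pack("<8sIIIIIIHHI", b".text", len(entry_bytes), text_rva, raw_size,
                       hdr_size, 0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + text).ljust(hdr_size, b"\0")
    return headers + entry_bytes.ljust(raw_size, b"\0")


if __name__ == "__main__":
    import json
    import sys
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print(json.dumps({k: (v.hex() if isinstance(v, bytes) else v)
                      for k, v in triage(image).items()}, indent=2))
```

Run it with the path to a quarantined copy as the only argument; with no argument it triages the constructed stand-in. A file whose three hashes all match the page is the sample described here; a file that merely shares the entry-point prologue is not, since that prologue is emitted by the compiler for most MSVC binaries.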

The file saveas.exe has been seen being distributed from pty.files-download-17.com.

Remove saveas.exe - Powered by Reason Core Security