saveas.exe

SuperCharging

Maxiget Limited

This is part of a bundled installer which provides applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application saveas.exe by Maxiget Limited has been detected as adware by 5 anti-malware scanners.
Publisher:
SPC LLC  (signed by Maxiget Limited)

Product:
SuperCharging

Description:
DWD

Version:
3, 3, 14, 0

MD5:
e7249b13c53f4d7a1700622d139f459c

SHA-1:
c4b208d311c0098e9764e9c147af04fc727ed83b

SHA-256:
fe80ef4271c94303716e3174db76abc734eb491f5f3edfdad4e88b71530a5a9b

Scanner detections:
5 / 68

Status:
Adware

Explanation:
This is a modified installer version of the software and bundles additional offers including adware.

Analysis date:
4/25/2024 12:30:17 PM UTC

Scan engine        Detection                 Engine version
AVG                MalSign.Generic           2015.0.3500
ESET NOD32         Win32/4Shared (variant)   8.9698
Reason Heuristics  PUP.MaxigetLimited.G      14.8.7.21
Sophos             4Share Downloader         4.98
VIPRE Antivirus    Trojan.Win32.Generic      28378

File size:
394 KB (403,448 bytes)

Product version:
3, 3, 14, 0

Copyright:
2013

Trademarks:
-

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\saveas.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
8/15/2013 9:41:32 AM

Valid to:
8/15/2016 9:41:32 AM

Subject:
CN=Maxiget Limited, O=Maxiget Limited, L=Limassol, S=Cyprus, C=CY

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
045BA815265145

File PE Metadata
Compilation timestamp:
4/11/2014 7:55:42 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:mdEYvY6OaYZxwl+2zZbBFS2rBJIg9xc5Vz2KEbItLaUp:mSYvfHGxwMyZbzS8qgELz2KFtLLp

Entry address:
0x23B64

Entry point:
E8, 44, 8B, 00, 00, E9, 78, FE, FF, FF, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41, FE, 8B, 4C, 24, 04...
 

Entropy:
6.8569

Code size:
220 KB (225,280 bytes)
