windows-live-messenger-2009-1408117416-baixaki-32-bits.exe

The application windows-live-messenger-2009-1408117416-baixaki-32-bits.exe has been detected as a potentially unwanted program by 23 anti-malware scanners. This is a setup program which is used to install the application. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from dl.baixaki.com.br.
MD5:
f6a468fefae9a66b893f8be7789dda4e

SHA-1:
ac48663da43a5b04e768a4f0454453c612a64462

SHA-256:
1113b4a3de19f5efcb08bf40421408900b634083265feedb84e6011fd3c803cc

Scanner detections:
23 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/26/2024 8:53:49 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Generic.559747 | 1042 |
| Agnitum Outpost | PUA.InstallCore | 7.1.1 |
| Avira AntiVirus | Adware/Installco.AB | 7.11.119.122 |
| Bitdefender | Adware.Generic.559747 | 1.0.20.440 |
| Bkav FE | W32.Clod9cd.Trojan | 1.3.0.4613 |
| Comodo Security | UnclassifiedMalware | 17429 |
| Dr.Web | Adware.InstallCore.76 | 9.0.1.088 |
| Emsisoft Anti-Malware | Adware.Generic.559747 | 8.14.03.29.07 |
| ESET NOD32 | Win32/InstallCore.BA (variant) | 8.9167 |
| F-Prot | W32/InstallCore.S.gen | v6.4.7.1.166 |
| F-Secure | Adware.Generic.559747 | 11.2014-29-03_7 |
| G Data | Adware.Generic.559747 | 14.3.22 |
| K7 AntiVirus | Unwanted-Program | 13.174.10498 |
| Malwarebytes | PUP.AdBundle | v2014.03.29.07 |
| McAfee | Artemis!F6A468FEFAE9 | 5600.7176 |
| MicroWorld eScan | Adware.Generic.559747 | 15.0.0.264 |
| NANO AntiVirus | Trojan.Win32.InstallCore.cqqkpf | 0.28.0.56692 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.3.31.15 |
| Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 23.00.65.14327 |
| Sophos | Generic PUA KM | 4.95 |
| SUPERAntiSpyware | PUP.AdBundle | 10697 |
| Trend Micro House Call | TROJ_GEN.R0CBH05JC13 | 7.2.88 |
| VIPRE Antivirus | Adware.Trojan.Win32.Generic | 24306 |

File size:
1.1 MB (1,178,864 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\windows-live-messenger-2009-1408117416-baixaki-32-bits.exe

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:dCbb3HF2KzBlRdN9AztvlQlJ/wAInrb08bfhVwg3GnmoAg2jab9V7nBclQOkq27q:dIb3HF2KzBlrN96tvlQlJ/wA+rb08bf1

Entry address:
0xD4EF0

Entry point:
55, 8B, EC, 83, C4, F0, B8, 50, 44, 41, 00, E8, 0E, CD, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
Developed / compiled with:
Microsoft Visual C++

Code size:
865.5 KB (886,272 bytes)

The file windows-live-messenger-2009-1408117416-baixaki-32-bits.exe has been seen being distributed by the following URL.