Adware.Machaer

By CagedTech in Adware

Threat Scorecard

Popularity Rank: 7,740
Threat Level: 20% (Normal)
Infected Computers: 7,818
First Seen: February 25, 2022
Last Seen: June 14, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Adware.Machaer
Signature status: Self Signed

Known Samples

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Comments: Установщик Mail.Ru Агента
Company Name: Mail.Ru
File Description
  • Mail.Ru Агент
  • Mail.RU модуль для windows media
  • SoftContainer Module
  • Установщик Mail.Ru Агента
File Version
  • 5, 10, 5328, 0
  • 5, 3, 2552, 0
  • 1, 0, 0, 1205
  • 1, 0, 0, 111
  • 1, 0, 0, 12
Internal Name
  • magent
  • magentsetup.exe
  • MRATag
  • SoftContainer
Legal Copyright
  • Copyright (C) 2001 - 2012
  • Copyright (C) 2007 - 2008
  • Copyright 2010
  • Copyright © 2007-2008
Original Filename
  • magent.exe
  • magentsetup.exe
  • MRATag.dll
  • SoftContainer.exe
Product Name
  • Mail.Ru Агент
  • MRATag
  • SoftContainer Module
  • Установщик Mail.Ru Агента
Product Version
  • 5, 10, 5328, 0
  • 5, 3, 2552, 0
  • 1, 0, 0, 1205
  • 1, 0, 0, 111
  • 1, 0, 0, 12
Thin App Build Date Time: 20120428 183325
Thin App License: ThinApp Packager Suite
Thin App Version: 4.7.0-519532

Digital Signatures

Signer | Root | Status
LLC Mail.Ru | Thawte Code Signing CA | Self Signed
OOO Port.Ru | Thawte Code Signing CA | Hash Mismatch
OOO Port.Ru | Thawte Code Signing CA | Self Signed
LLC Mail.Ru | Thawte Code Signing CA - G2 | Self Signed

File Traits

  • HighEntropy
  • Installer Version
  • ntdll
  • x86

Block Information

Total Blocks: 373
Potentially Malicious Blocks: 2
Whitelisted Blocks: 354
Unknown Blocks: 17

Files Modified

File | Attributes
c:\users\user\appdata\local\temp\installerlang.xml | Generic Write, Read Attributes

Registry Modifications

Key::Value | Data | API Name
HKCU\software\mail.ru\container\1.0.0.111::usagecount |  | RegNtPreCreateKey
HKCU\software\mail.ru\container\1.0.0.111::dontshowdialog |  | RegNtPreCreateKey

Windows API Usage

Category API
Network Wininet
  • InternetOpen
  • InternetOpenUrl
  • InternetSetOption
Anti Debug
  • NtQuerySystemInformation
Other Suspicious
  • SetWindowsHookEx
Network Winsock2
  • WSAStartup
Syscall Use
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWriteFile
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • CreateProcess

Shell Command Execution

C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\03ba6e6578a54e947ed491468097c1ee75c9a5ad_0000086712.,LiQMAxHB
