Adware.Maxifiles.A

By CagedTech in Adware

Threat Scorecard

Popularity Rank: 13,339
Threat Level: 20 % (Normal)
Infected Computers: 103
First Seen: July 16, 2021
Last Seen: March 29, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Adware.Maxifiles.A
Packers: UPX
Signature status: No Signature

Known Samples

MD5: fb8384c9689ba39692b455567349fd3d
SHA1: aab4e149e9156665ff8e856be1d71b9959cd5ec4
SHA256: E575AF0639F712B7929D9A771183DC91AF6473B2AA853C9588944E7880B23001
File Size: 204.91 KB, 204906 bytes
MD5: 3b4b366ddd30e0e6b95a16fe5796dc58
SHA1: 31a60d3e45ea0a5c43398cbd4979aa4d62998d84
SHA256: C9DE93D70FC4CA71ACFD918C5FBFF7E7154EF221BF0E0CFC9A1C91BCAAD0EEF9
File Size: 523.15 KB, 523148 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Comments: http://www.autoitscript.com/autoit3/compiled.html
File Version:
  • 3, 1, 1, 113
  • 3, 1, 1, 80
Legal Copyright: Pb-games

File Traits

  • Autoit
  • big overlay
  • packed
  • WriteProcessMemory
  • x86

Block Information

Total Blocks: 1,018
Potentially Malicious Blocks: 343
Whitelisted Blocks: 663
Unknown Blocks: 12

Visual Map

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Maxifiles.A

Windows API Usage

Anti Debug: IsDebuggerPresent
User Data Access: GetUserObjectInformation
Keyboard Access: GetKeyState
Process Manipulation Evasion: NtUnmapViewOfSection
Process Shell Execute: CreateProcess

Shell Command Execution

regsvr32.exe /s C:\WINDOWS\system32\COMAudio.dll
