Marvelsound
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
- Popularity Rank: The ranking of a particular threat in EnigmaSoft's Threat Database.
- Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
- Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
| Popularity Rank: | 8,958 |
|---|---|
| Threat Level: | 20 % (Normal) |
| Infected Computers: | 1,795 |
| First Seen: | December 1, 2016 |
| Last Seen: | January 22, 2026 |
| OS(es) Affected: | Windows |
The Marvelsound software is offered to Windows users who like to listen to music with style. Marvelsound is presented as a sleek music player that has more than just a pretty interface. The Marvelsound media player is advertised at Marvelsound.com as a powerful audio organizer and renderer. According to the official information on Marvelsound.com, computer users can download and use Marvelsound for free. The Marvelsound application can be used to catalog your audio records and arrange your favorite music pieces into a handy playlist that is only one click away. If you are sold on the Marvelsound software, we have a few things to say that you may want to consider before installing the media player. Marvelsound is recognized as a Potentially Unwanted Program (PUP) with adware capabilities, and AV vendors flag its installer package as:
- W32/NewMalware-LSU-based!Maximu
- PUP.Optional.MarvelSound
Additionally, the installer is signed by a company named Genesistyle Ltd., which does not have an official page on the Internet. The Marvelsound program is developed with funding from advertisers, and users should expect to see a number of promotional materials shown within the Marvelsound player and through the browser. The following excerpts from the EULA that comes with Marvelsound should be taken into consideration when you decide whether to install the audio player:
'The license granted to User, through these Terms, permits use of the MarvelSound Software Application during an unlimited period, at no cost. The MarvelSound Software Application may be used as many times as you like, for as long as you like. The license allows video and/or audio advertising messages to be displayed during User’s use of this “Free” version of the MarvelSound Software Application.'
'The MarvelSound Software Application is supported by advertising revenue and may display video and/or audio advertisements or promotions. These advertisements may be targeted to the content of information accessed by User, questions answered by User or other information, in the sole discretion of MarvelSound.'
Computer users might want to seek a better alternative to Marvelsound that does not push advertisements on the screen. There is nothing wrong with a freeware creator trying to monetize some of its work, but the way Marvelsound collects information to facilitate targeted marketing is not transparent. The EULA of Marvelsound does not tell users what type of statistical data is collected or who has access to the data. This is disconcerting, and you might wish to remove the Marvelsound player with the help of a credible anti-spyware tool.
Analysis Report
General information
| Family Name: | Adware.Elex Hijacker.G |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have security information
- File has exports table
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.

| Name | Value |
|---|---|
| Company Name | WeLink |
| File Description | WeLink |
| File Version | 6.6.0.18 |
| Internal Name | WeLink.exe |
| Legal Copyright | Copyright (C) WeLink.com 2010 |
| Original Filename | WeLink.exe |
| Product Name | WeLink |
| Product Version | 6.6.0.18 |
File Traits
- big overlay
- dll
- HighEntropy
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 446 |
|---|---|
| Potentially Malicious Blocks: | 8 |
| Whitelisted Blocks: | 409 |
| Unknown Blocks: | 29 |
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system.

| File | Attributes |
|---|---|
| \device\harddisk0\dr0 | Generic Read,Write Data,Write Attributes,Write extended,Append data |
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Syscall Use | |
| Process Manipulation Evasion | |
| Process Shell Execute | |
| Anti Debug | |
Shell Command Execution
This section lists Windows shell commands that are run by the samples in this family. Windows Shell commands are often leveraged by malware for nefarious purposes and can be used to elevate security privileges, download and launch other malware, exploit vulnerabilities, collect and exfiltrate data, and hide malicious activity.
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\a82ae1008a73ce47fcc14708eac518e20771012b_0000145408.,LiQMAxHB