تمهيد لدرس ترتيب الأعداد.exe

4shared Desktop Setup

New IT Limited

This is a bundle installer that packages applications with offers for additional third-party software, mostly unwanted adware, which may be installed with minimal consent. The application تمهيد لدرس ترتيب الأعداد.exe by New IT Limited has been detected as adware by 9 anti-malware scanners. The program is a setup application that uses the New IT Desktop Setup installer.
Publisher:
New IT Solutions  (signed by New IT Limited)

Product:
4shared Desktop Setup

Version:
4.0.2.6

MD5:
9ef08304e2ec6d7ab097d62344464fcd

SHA-1:
63973304a5deae6ef9e69e80e7e0b19b89cee88f

SHA-256:
9e0d27dbafc41a4d5fb39fdf5b64915fa236aae4b1455342b63c76d5f7fe3aac

Scanner detections:
9 / 68

Status:
Adware

Explanation:
Bundles the Conduit Toolbar and/or Conduit Search Protect.

Description:
This is an installer which may bundle legitimate applications with offers for additional third-party applications that the user may not want. While the installer contains an 'opt-out' feature, it is not set by default and is usually overlooked.

Analysis date:
4/28/2024 3:04:01 AM UTC

Scan engine | Detection | Engine version
Comodo Security | Application.Win32.NewIT.B | 18194
Dr.Web | Adware.Conduit.3 | 9.0.1.0120
ESET NOD32 | Win32/Toolbar.Conduit | 8.9743
Malwarebytes | PUP.Optional.4Shared | v2014.04.30.05
NANO AntiVirus | Riskware.Win32.Conduit.csnygd | 0.28.0.59608
Panda Antivirus | PUP/Conduit.A | 14.04.30.05
Reason Heuristics | PUP.Installer.NewITLimited.Y | 14.4.30.16
Rising Antivirus | PE:PUF.4Shared!1.9C25 | 23.00.65.14428
VIPRE Antivirus | Conduit | 28728

File size:
5.1 MB (5,316,736 bytes)

Copyright:
New IT Solutions

File type:
Executable application (Win32 EXE)

Bundler/Installer:
New IT Desktop Setup (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\تمهيد لدرس ترتيب الأعداد.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
11/16/2012 8:16:05 PM

Valid to:
11/16/2013 6:30:34 PM

Subject:
CN=New IT Limited, O=New IT Limited, L=Nicosia, S=Nicosia, C=CY

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B2A165690BBAA

File PE Metadata
Compilation timestamp:
4/10/2010 3:19:31 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:qaahy5jT88G0cL2YXJrDV3CbPPP6r2/UKA+VHTd0FfZhA:qtMQDJrDVCTXgWTdY7

Entry address:
0x354B

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 84, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 98, 06, 47, 00, E8, 67, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, 05, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 86, 40, 00, FF, 15, 80, 81, 40, 00, 68, 04, 86, 40, 00, 68, A0, 85, 46, 00, E8, 35, 26, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 10, 4C, 00, 57, E8, 23, 26, 00, 00...

Entropy:
7.9934

Packer / compiler:
Nullsoft install system v2.x

Code size:
25 KB (25,600 bytes)