الاختبار الأول.exe

CHummer

New IT Limited

This is part of a bundled installer which provides applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application الاختبار الأول.exe, “Description is empty” by New IT Limited has been detected as adware by 16 anti-malware scanners. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. It is also typically executed from the user's temporary directory.
Publisher:
Elit -e - Company  (signed by New IT Limited)

Product:
CHummer

Description:
Description is empty

Version:
3, 5, 12, 0

MD5:
feb02bfcb22de31b41637ad994d187d4

SHA-1:
9b98bd36993b5dbab94be518717dd0602949724f

SHA-256:
ff5c8e6fc946adc323f95ea26018126b3567769c7ed5ee7241471c351f6bd4be

Scanner detections:
16 / 68

Status:
Adware

Analysis date:
4/19/2024 12:23:46 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.Jaiks.244 | 856 |
| AegisLab AV Signature | Troj.Dropper.W32.Agent | 2.1.4+ |
| Avira AntiVirus | APPL/Downloader.Gen | 7.11.176.28 |
| AVG | Generic | 2015.0.3334 |
| Bitdefender | Gen:Variant.Application.Bundler.Jaiks.244 | 1.0.20.1375 |
| Dr.Web | Adware.Downware.2538 | 9.0.1.05190 |
| ESET NOD32 | Win32/4Shared (variant) | 8.10499 |
| F-Prot | W32/A-35b3d9ee | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Application.Bundler | 11.2014-02-10_5 |
| G Data | Gen:Variant.Application.Bundler.Jaiks.244 | 14.10.24 |
| K7 AntiVirus | Unwanted-Program | 13.183.13550 |
| McAfee | PUP-FNX | 5600.6990 |
| MicroWorld eScan | Gen:Variant.Application.Bundler.Jaiks.244 | 15.0.0.825 |
| Panda Antivirus | Trj/Genetic.gen | 14.10.02.08 |
| Reason Heuristics | PUP.NewITLimited.O | 14.10.2.8 |
| Sophos | 4Share Downloader | 4.98 |

File size:
513.6 KB (525,936 bytes)

Product version:
3, 5, 12, 0

Copyright:
2014

Trademarks:
No

Original file name:
DHelper

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\الاختبار الأول.exe

Digital Signature
Signed by:

Authority:
Starfield Technologies, Inc.

Valid from:
5/14/2014 3:00:04 PM

Valid to:
12/30/2016 10:33:53 AM

Subject:
CN=New IT Limited, O=New IT Limited, L=Nicosia, S=Nicosia, C=CY

Issuer:
CN=Starfield Secure Certificate Authority - G2, OU=http://certs.starfieldtech.com/repository/, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
049768F7F19C91

File PE Metadata
Compilation timestamp:
9/4/2014 1:15:03 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:FkAPdrjvz9VDjHNzFuqszwDy9FOOGrDBumxT:zPJv/9JNy9FOOGr9T

Entry address:
0x3E9B8

Entry point:
E8, 39, BF, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 14, A1, 78, 7C, 46, 00, 33, C5, 89, 45, FC, 53, 56, 33, DB, 57, 8B, F1, 39, 1D, 7C, AB, 46, 00, 75, 38, 53, 53, 33, FF, 47, 57, 68, 18, C3, 45, 00, 68, 00, 01, 00, 00, 53, FF, 15, 8C, 81, 45, 00, 85, C0, 74, 08, 89, 3D, 7C, AB, 46, 00, EB, 15, FF, 15, DC, 80, 45, 00, 83, F8, 78, 75, 0A, C7, 05, 7C, AB, 46, 00, 02, 00, 00, 00, 39, 5D, 14, 7E, 22, 8B, 4D, 14, 8B, 45, 10, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, 45, 14, 2B, C1...
 

Entropy:
6.7599

Code size:
344.5 KB (352,768 bytes)
