» اختراق الفيسبوك.exe
Overview
Analysis
File Details
Downloads (2)

اختراق الفيسبوك.exe

4shared Desktop Setup

New IT Limited

This is a bundle installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application اختراق الفيسبوك.exe by New IT Limited has been detected as adware by 9 anti-malware scanners. The program is a setup application that uses the New IT Desktop Setup installer. This version of the installer will bundle the Ask.com Toolbar, a potentially unwanted web browser extension. The file has been seen being downloaded from rt3.getdownload.net and multiple other hosts.

File name:

اختراق الفيسبوك.exe

Publisher:

New IT Solutions (signed by New IT Limited)

Product:

4shared Desktop Setup

Version:

4.0.3.1

MD5:

84f4e1b0f87cc0b05cb4f77e03aac522

SHA-1:

c3b93d03ff2275f90d94a051c0697c94ff6fca5c

SHA-256:

a32c370217f689250354146a0e431c0df74a5b94c650f8e96f5fa4fe19c1bfe8

Scanner detections:

9 / 68

Status:

Adware

Explanation:

Bundles that Ask.com toolbar as a third-party offer, a web browser extension that may modify a user's search and home pages.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

4/29/2024 12:09:36 AM UTC (today)

Scan engine

Detection

Engine version

Bkav FE

W32.Clod979.Trojan

1.3.0.4613

Dr.Web

Adware.Downware.1417

9.0.1.02

ESET NOD32

Win32/Bundled.Toolbar.Ask (variant)

8.9190

herdProtect (fuzzy)

variant of طـرق الطعـن في الأحكـام القضـائية في قانـون الاجـراءات المدنية والإداريـة.exe (Adware)

2014.1.2.11

Malwarebytes

PUP.Optional.4Shared

v2014.01.02.11

McAfee

Artemis!A8563F17A5F3

5600.7263

Reason Heuristics

PUP.Optional.Installer.NewITLimited.P

14.2.16.6

Rising Antivirus

PE:PUF.4Shared!1.9C25

23.00.65.131231

Trend Micro House Call

TROJ_GEN.F47V0831

7.2.2

File size:

5.5 MB (5,770,848 bytes)

New IT Solutions

File type:

Executable application (Win32 EXE)

Bundler/Installer:

New IT Desktop Setup (using Nullsoft Install System)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\?????? ????????.exe

Digital Signature

Signed by:

New IT Limited

Authority:

GoDaddy.com, Inc.

Valid from:

11/16/2012 6:16:05 PM

Valid to:

11/16/2013 4:30:34 PM

Subject:

CN=New IT Limited, O=New IT Limited, L=Nicosia, S=Nicosia, C=CY

Issuer:

SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

2B2A165690BBAA

File PE Metadata

Compilation timestamp:

4/10/2010 2:19:31 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

98304:sWO7Z+ByxlOyexgcs6ArgkStxQM7osPuI+sPtumURA8oGNoD8MyeDFtGi5PHgS4A:st78By/OyexgT1l+P7jPz+dtHoKc/GMH

Entry address:

0x354B

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 84, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 98, 06, 47, 00, E8, 67, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, 05, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 86, 40, 00, FF, 15, 80, 81, 40, 00, 68, 04, 86, 40, 00, 68, A0, 85, 46, 00, E8, 35, 26, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 10, 4C, 00, 57, E8, 23, 26, 00, 00... 
[+]

Entropy:

7.9938

Packer / compiler:

Nullsoft install system v2.x

Code size:

25 KB (25,600 bytes)

The file اختراق الفيسبوك.exe has been seen being distributed by the following 2 URLs.

http://rt3.getdownload.net/downloadhelper/named/desktop_4031/nsa3JuVv/.../?????? ????????.exe

Remove اختراق الفيسبوك.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.