home

antiarp v6.0.2.exe

Filegetter

New IT Limited

This is part of a bundled installer which provides applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application antiarp v6.0.2.exe, “Helps file downloading” by New IT Limited has been detected as adware by 13 anti-malware scanners.
Publisher:
Company limited  (signed by New IT Limited)

Product:
Filegetter

Description:
Helps file downloading

Version:
3, 3, 40, 0

MD5:
83999e3277734b0ceefbcea26c11149e

SHA-1:
d74b40bfe674377e079e715b3b3480f8befd71ad

SHA-256:
8e8a80b9f6c66b39d28f8a9758b0e2b0a9da7de4e13c84c93b1726dfee1dd03a

Scanner detections:
13 / 68

Status:
Adware

Analysis date:
4/26/2024 8:46:38 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.4Shared
7.1.1

Avira AntiVirus
APPL/Downloader.Gen
7.11.164.206

AVG
Generic
2015.0.3396

Dr.Web
Adware.Downware.5878
9.0.1.05190

ESET NOD32
Win32/4Shared.U potentially unwanted application
7.0.302.0

G Data
Win32.Application.4shared
14.7.24

herdProtect (fuzzy)
variant of dxtory 2.0.122 . incl license file.exe (Adware)
2014.9.10.18

IKARUS anti.virus
PUA.4Shared
t3scan.1.6.1.0

K7 AntiVirus
Unwanted-Program
13.182.12911

McAfee
PUP-FIW
5600.7052

NANO AntiVirus
Riskware.Win32.Downware.dcurvc
0.28.2.61148

Panda Antivirus
Trj/Genetic.gen
14.07.31.03

Reason Heuristics
PUP.NewITLimited.M
14.7.31.14

File size:
412.3 KB (422,208 bytes)

Product version:
3, 3, 40, 0

Copyright:
2014

Trademarks:
Company(C)

Original file name:
FilegetterInstrumnet

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\antiarp v6.0.2.exe

Digital Signature
Signed by:
New IT Limited

Authority:
Starfield Technologies, Inc.

Valid from:
5/14/2014 3:00:04 PM

Valid to:
12/30/2016 10:33:53 AM

Subject:
CN=New IT Limited, O=New IT Limited, L=Nicosia, S=Nicosia, C=CY

Issuer:
CN=Starfield Secure Certificate Authority - G2, OU=http://certs.starfieldtech.com/repository/, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
049768F7F19C91

File PE Metadata
Compilation timestamp:
7/3/2014 3:09:08 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:ReB1udxW7q7mb6Rz6DceqHFsVB9JA8szOs51nWsk5Pc5F20BumUSFb5:RenaxxRz6DceMsVB9W5z3DWsTO0Bu295

Entry address:
0x29812

Entry point:
E8, 95, 91, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 14, A1, 78, BD, 44, 00, 33, C5, 89, 45, FC, 53, 56, 33, DB, 57, 8B, F1, 39, 1D, 9C, D5, 44, 00, 75, 38, 53, 53, 33, FF, 47, 57, 68, A8, 10, 44, 00, 68, 00, 01, 00, 00, 53, FF, 15, 6C, E1, 43, 00, 85, C0, 74, 08, 89, 3D, 9C, D5, 44, 00, EB, 15, FF, 15, B8, E0, 43, 00, 83, F8, 78, 75, 0A, C7, 05, 9C, D5, 44, 00, 02, 00, 00, 00, 39, 5D, 14, 7E, 22, 8B, 4D, 14, 8B, 45, 10, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, 45, 14, 2B, C1...
 
[+]

Entropy:
6.7279

Code size:
241 KB (246,784 bytes)

Remove antiarp v6.0.2.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.