bca directory of registe...licensed builders.7z.exe

CHummer

New IT Limited

This is part of a bundled installer which provides applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application bca directory of registe...licensed builders.7z.exe, “Description is empty” by New IT Limited has been detected as adware by 18 anti-malware scanners.
Publisher:
Elit -e - Company  (signed by New IT Limited)

Product:
CHummer

Description:
Description is empty

Version:
3, 4, 17, 0

MD5:
1d29a7cfe8e5eedc0328b0c3fccbcc50

SHA-1:
72a5e920711cb46c5f928d44ace4ced2bb956dd8

SHA-256:
d547eb5e9331085ff6c538c07c10e23c2f5a7acac4d3cdbf92b3ce45113b4146

Scanner detections:
18 / 68

Status:
Adware

Analysis date:
5/7/2024 7:54:45 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AegisLab AV Signature | Win.Troj | 2.1.4+ |
| Agnitum Outpost | PUA.4Shared | 7.1.1 |
| Avira AntiVirus | APPL/Downloader.Gen | 7.11.175.218 |
| AVG | Generic | 2015.0.3335 |
| Comodo Security | Application.Win32.4Shared.XEF | 19659 |
| Dr.Web | Adware.Downware.2538 | 9.0.1.05190 |
| ESET NOD32 | Win32/4Shared.X potentially unwanted application | 7.0.302.0 |
| F-Prot | W32/A-82fd70bc | v6.4.7.1.166 |
| G Data | Win32.Application.4shared | 14.9.24 |
| IKARUS anti.virus | PUA.4Shared | t3scan.1.7.8.0 |
| K7 AntiVirus | Unwanted-Program | 13.183.13535 |
| McAfee | 4shared | 5600.6991 |
| NANO AntiVirus | Riskware.Win32.Downware.decuce | 0.28.2.62440 |
| Panda Antivirus | Trj/Genetic.gen | 14.09.30.11 |
| Reason Heuristics | PUP.NewITLimited.l | 14.10.1.11 |
| Sophos | 4Share Downloader | 4.98 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 33120 |

File size:
38.7 KB (39,632 bytes)

Product version:
3, 3, 53, 0

Copyright:
2014

Trademarks:
No

Original file name:
DHelper

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\bca directory of registe...licensed builders.7z.exe

Digital Signature
Signed by:

Authority:
Starfield Technologies, Inc.

Valid from:
5/14/2014 8:00:04 PM

Valid to:
12/30/2016 3:33:53 PM

Subject:
CN=New IT Limited, O=New IT Limited, L=Nicosia, S=Nicosia, C=CY

Issuer:
CN=Starfield Secure Certificate Authority - G2, OU=http://certs.starfieldtech.com/repository/, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
049768F7F19C91

File PE Metadata
Compilation timestamp:
8/4/2014 11:19:14 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
768:CSrdaL6UcunGk10t/r3eidddddddOe8WkqPj:CS5AZGk1Y/zfdddddddOe8WkG

Entry address:
0x2586

Entry point:
55, 8B, EC, 83, EC, 10, 53, 56, 8D, 45, F0, 50, C7, 45, F0, 08, 00, 00, 00, C7, 45, F4, 20, 00, 00, 00, FF, 15, 00, 30, 40, 00, 68, 28, 0A, 00, 00, BE, 38, 43, B8, 00, 56, 33, DB, 53, FF, 15, 94, 30, 40, 00, 53, 68, 80, 00, 00, 00, 6A, 03, 53, 6A, 01, 68, 00, 00, 00, 80, 56, FF, 15, 8C, 30, 40, 00, 8B, F0, 83, FE, FF, 0F, 84, 95, 00, 00, 00, 56, E8, 6F, EE, FF, FF, 59, 56, 88, 45, FF, FF, 15, 90, 30, 40, 00, 38, 5D, FF, 74, 7F, 66, 39, 1D, 28, 90, 40, 00, 74, 0A, B8, 28, 90, 40, 00, E8, 86, EF, FF, FF, E8...
 

Entropy:
5.9710

Developed / compiled with:
Microsoft Visual C++

Code size:
6 KB (6,144 bytes)