home

best entry signal v.2.0.exe

New IT Limited

This is part of a bundled installer which provides applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application best entry signal v.2.0.exe by New IT Limited has been detected as adware by 11 anti-malware scanners. The file has been seen being downloaded from 4sx.getafilefast.net.
Publisher:
New IT Limited  (signed and verified)

Version:
3, 3, 50, 0

MD5:
1533199f587c273e5e410c0b02b8a721

SHA-1:
64003e259b7a3465c45f6bc91292ee46dfd48427

SHA-256:
9b46217f8b93bd7be56b3f5e02f53ed1640d762dfefe48b9030597d957f28ed3

Scanner detections:
11 / 68

Status:
Adware

Analysis date:
4/25/2024 9:51:56 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.4Shared
7.1.1

Avira AntiVirus
APPL/Downloader.Gen
7.11.167.34

AVG
Generic
2015.0.3383

Dr.Web
Adware.Downware.2538
9.0.1.0225

ESET NOD32
Win32/4Shared.U potentially unwanted application
8.7.0.302.0

G Data
Win32.Application.4shared
14.8.24

herdProtect (fuzzy)
variant of pet rescue trainer 3_16_13.exe (Adware)
2014.10.28.4

IKARUS anti.virus
PUA.4Shared
t3scan.1.7.5.0

McAfee
Program.Obfosha
5600.7039

Reason Heuristics
PUP.NewITLimited.V
14.8.13.23

VIPRE Antivirus
Threat.4150696
32186

File size:
410.4 KB (420,264 bytes)

Product version:
3, 3, 50, 0

Copyright:
2014

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\best entry signal v.2.0.exe

Digital Signature
Signed by:
New IT Limited

Authority:
Starfield Technologies, Inc.

Valid from:
5/14/2014 8:00:04 AM

Valid to:
12/30/2016 4:33:53 AM

Subject:
CN=New IT Limited, O=New IT Limited, L=Nicosia, S=Nicosia, C=CY

Issuer:
CN=Starfield Secure Certificate Authority - G2, OU=http://certs.starfieldtech.com/repository/, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
049768F7F19C91

File PE Metadata
Compilation timestamp:
7/30/2014 6:19:50 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:OhJXtqK3+xEzqNrdxKDw9H7gPyH9gfl1aQk+nWBe3+Bu3jpl:Ohdt+jrdxKDw+6H9Ql1aOWBe3+Bu3H

Entry address:
0x2A1F8

Entry point:
E8, A9, 91, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 14, A1, 78, BD, 44, 00, 33, C5, 89, 45, FC, 53, 56, 33, DB, 57, 8B, F1, 39, 1D, 9C, D5, 44, 00, 75, 38, 53, 53, 33, FF, 47, 57, 68, E4, 11, 44, 00, 68, 00, 01, 00, 00, 53, FF, 15, 7C, E1, 43, 00, 85, C0, 74, 08, 89, 3D, 9C, D5, 44, 00, EB, 15, FF, 15, CC, E0, 43, 00, 83, F8, 78, 75, 0A, C7, 05, 9C, D5, 44, 00, 02, 00, 00, 00, 39, 5D, 14, 7E, 22, 8B, 4D, 14, 8B, 45, 10, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, 45, 14, 2B, C1...
 
[+]

Entropy:
6.7115

Code size:
243.5 KB (249,344 bytes)

The file best entry signal v.2.0.exe has been seen being distributed by the following URL.

https://4sx.getafilefast.net/.../Best Entry Signal v.2.0.exe

Remove best entry signal v.2.0.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.