usbshow.exe

New IT Limited

This file is part of a bundled installer that wraps applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application usbshow.exe by New IT Limited has been detected as adware by 13 anti-malware scanners. It is also typically executed from the user's temporary directory.
Publisher:
New IT Limited  (signed and verified)

Version:
3, 3, 50, 0

MD5:
a9fe67ed4c0f20a9f92e090e8affbf20

SHA-1:
02c5e54e3c2c5a2942570562de01cbaa763a45a5

SHA-256:
00e245b2e0e4fde986b43759c902e7ba800804df20eac7025587ca91956c69e3

Scanner detections:
13 / 68

Status:
Adware

Analysis date:
4/25/2024 7:58:08 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.4Shared | 7.1.1 |
| Avira AntiVirus | APPL/Downloader.Gen | 7.11.169.216 |
| AVG | Generic | 2015.0.3368 |
| Dr.Web | Adware.Downware.2538 | 9.0.1.05190 |
| ESET NOD32 | Win32/4Shared.U potentially unwanted application | 7.0.302.0 |
| G Data | Win32.Application.4shared | 14.8.24 |
| IKARUS anti.virus | PUA.4Shared | t3scan.1.7.5.0 |
| K7 AntiVirus | Unwanted-Program | 13.183.13198 |
| McAfee | Obfosha | 5600.7024 |
| NANO AntiVirus | Riskware.Win32.Downware.ddwsas | 0.28.2.61861 |
| Panda Antivirus | Trj/Genetic.gen | 14.08.28.11 |
| Reason Heuristics | PUP.NewITLimited.H | 14.8.28.22 |
| VIPRE Antivirus | Threat.4150696 | 32210 |

File size:
391.1 KB (400,512 bytes)

Product version:
3, 3, 50, 0

Copyright:
2014

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\usbshow.exe

Digital Signature
Signed by:

Authority:
Starfield Technologies, Inc.

Valid from:
5/14/2014 2:00:04 PM

Valid to:
12/30/2016 9:33:53 AM

Subject:
CN=New IT Limited, O=New IT Limited, L=Nicosia, S=Nicosia, C=CY

Issuer:
CN=Starfield Secure Certificate Authority - G2, OU=http://certs.starfieldtech.com/repository/, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
049768F7F19C91

File PE Metadata
Compilation timestamp:
7/30/2014 1:19:50 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:vhJXtqK3+xEzqNrdxKDw9H7gPyH9gfl1aQk+nWBe3+Bu:vhdt+jrdxKDw+6H9Ql1aOWBe3+Bu

Entry address:
0x2A1F8

Entry point:
E8, A9, 91, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 14, A1, 78, BD, 44, 00, 33, C5, 89, 45, FC, 53, 56, 33, DB, 57, 8B, F1, 39, 1D, 9C, D5, 44, 00, 75, 38, 53, 53, 33, FF, 47, 57, 68, E4, 11, 44, 00, 68, 00, 01, 00, 00, 53, FF, 15, 7C, E1, 43, 00, 85, C0, 74, 08, 89, 3D, 9C, D5, 44, 00, EB, 15, FF, 15, CC, E0, 43, 00, 83, F8, 78, 75, 0A, C7, 05, 9C, D5, 44, 00, 02, 00, 00, 00, 39, 5D, 14, 7E, 22, 8B, 4D, 14, 8B, 45, 10, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, 45, 14, 2B, C1...
Entropy:
6.6092

Code size:
243.5 KB (249,344 bytes)