zlib1.exe

Filegetter

New IT Limited

This is part of a bundled installer which provides applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application zlib1.exe (“Helps file downloading”) by New IT Limited has been detected as adware by 14 anti-malware scanners. The file has been seen being downloaded from 4sx.getafilefast.net.
Publisher:
Company limited (signed by New IT Limited)

Product:
Filegetter

Description:
Helps file downloading

Version:
3, 3, 40, 0

MD5:
6a2a4dadd3b75c53d11cfa89089e0ea0

SHA-1:
2774e8099010c879fa346a9336b64f466f53cf3b

SHA-256:
c03d9c9f9ce46bfe5467478d783678345fc17b047555bdc66e3df93df5db1002

Scanner detections:
14 / 68

Status:
Adware

Analysis date:
4/20/2024 3:41:30 AM UTC

Scan engine          Detection                                          Engine version
Agnitum Outpost      PUA.4Shared                                        7.1.1
Avira AntiVirus      APPL/Downloader.Gen                                7.11.169.248
AVG                  Generic                                            2015.0.3367
Dr.Web               Adware.Downware.2538, Adware.Downware.5878          9.0.1.05190
ESET NOD32           Win32/4Shared.U potentially unwanted application   7.0.302.0
G Data               Win32.Application.4shared                          14.8.24
IKARUS anti.virus    PUA.4Shared                                        t3scan.1.7.5.0
K7 AntiVirus         Unwanted-Program                                   13.183.13198
McAfee               PUP-FNX                                            5600.7023
NANO AntiVirus       Riskware.Win32.Downware.dcurvc                     0.28.2.61861
Panda Antivirus      Trj/Genetic.gen                                    14.08.29.05
Reason Heuristics    PUP.NewITLimited.F                                 14.8.29.13
Vba32 AntiVirus      Downloader.GetFaster                               3.12.26.3
VIPRE Antivirus      Threat.4150696                                     32210

File size:
395.8 KB (405,320 bytes)

Product version:
3, 3, 40, 0

Copyright:
2014

Trademarks:
Company(C)

Original file name:
FilegetterInstrumnet

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\zlib1.exe

Digital Signature
Signed by:

Authority:
Starfield Technologies, Inc.

Valid from:
5/14/2014 5:00:04 AM

Valid to:
12/29/2016 11:33:53 PM

Subject:
CN=New IT Limited, O=New IT Limited, L=Nicosia, S=Nicosia, C=CY

Issuer:
CN=Starfield Secure Certificate Authority - G2, OU=http://certs.starfieldtech.com/repository/, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
049768F7F19C91

File PE Metadata
Compilation timestamp:
7/3/2014 5:09:08 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:/enaxxRz6DceMsVB9W5z3DWsTO0BuulG01:/enaxrWD1MEB9W5vWsTZG01

Entry address:
0x29812

Entropy:
6.6456

Code size:
241 KB (246,784 bytes)

The file zlib1.exe has been seen being distributed by the following URL.

Remove zlib1.exe - Powered by Reason Core Security