المختصر في تاريخ بلاد بني شهر.exe

SystemNode

New IT Limited

This is part of a bundled installer which provides applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application المختصر في تاريخ بلاد بني شهر.exe by New IT Limited has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from 4sx.files-download-67.com.
Publisher:
SwapSystem  (signed by New IT Limited)

Product:
SystemNode

Description:
SystemComponent

Version:
4, 0, 23, 0

MD5:
195fcaf3b7928d475273e60127e55278

SHA-1:
6f7a8d4e0f9fed53cca5ef3c7064909177127d5c

SHA-256:
59b4df3194c0146749c17492d2ba6bb8537c4028c28988ea4d4f66d3b14849dc

Scanner detections:
1 / 68

Status:
Adware

Note:
Our pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/23/2024 5:55:31 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.New IT Limited.NewIT (M)

Engine version:
16.6.29.3

File size:
44.7 KB (45,768 bytes)

Product version:
4, 0, 23, 0

Copyright:
2014

Trademarks:
SmallTrade Inc.

Original file name:
0008.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\المختصر في تاريخ بلاد بني شهر.exe

Digital Signature
Signed by:

Authority:
Starfield Technologies, Inc.

Valid from:
5/14/2014 3:00:04 PM

Valid to:
12/30/2016 10:33:53 AM

Subject:
CN=New IT Limited, O=New IT Limited, L=Nicosia, S=Nicosia, C=CY

Issuer:
CN=Starfield Secure Certificate Authority - G2, OU=http://certs.starfieldtech.com/repository/, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
049768F7F19C91

File PE Metadata
Compilation timestamp:
11/5/2014 8:02:33 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
384:FnqMaVAbD/NHxL5cQYxy5YnECa2er5tUl77AGY8myyqAV10gOCooqDG81FlPlHjO:lpXL5B4PKtUt4VayjmFK7OJ4av9l+f

Entry address:
0x2CC5

Entry point:
55, 8B, EC, 83, EC, 10, 53, 56, 8D, 45, F0, 50, C7, 45, F0, 08, 00, 00, 00, C7, 45, F4, 20, 00, 00, 00, FF, 15, 00, 30, 40, 00, 68, 28, 0A, 00, 00, BE, 60, 1C, BB, 00, 56, 33, DB, 53, FF, 15, A0, 30, 40, 00, 53, 68, 80, 00, 00, 00, 6A, 03, 53, 6A, 01, 68, 00, 00, 00, 80, 56, FF, 15, 98, 30, 40, 00, 8B, F0, 83, FE, FF, 0F, 84, D5, 00, 00, 00, 56, E8, 82, E8, FF, FF, 59, 56, 88, 45, FF, FF, 15, 9C, 30, 40, 00, 38, 5D, FF, 0F, 84, BB, 00, 00, 00, 66, 39, 1D, D8, E0, 40, 00, 74, 0A, BE, D8, E0, 40, 00, E8, F2...
 

Entropy:
6.0027

Developed / compiled with:
Microsoft Visual C++

Code size:
8 KB (8,192 bytes)

The file المختصر في تاريخ بلاد بني شهر.exe has been seen being distributed by the following URL.