الانشطة العلمية.exe

B1 Free Archiver Setup

IT Management Group LTD

This is a bundle installer: it packages an application together with offers for additional third-party software, mostly unwanted adware, which may be installed with minimal consent. The application الانشطة العلمية.exe by IT Management Group has been detected as adware by 4 anti-malware scanners. The program is a setup application that uses the New IT Desktop Setup installer. The file has been seen being downloaded from pub.b1.org.
Publisher:
b1.org  (signed by IT Management Group LTD)

Product:
B1 Free Archiver Setup

Version:
0.6.0.1204

MD5:
bc508e3c9e557140489bda1cee2ba4ce

SHA-1:
b2e1099b92367e9a1d51ef21a746b316bc5b1f58

SHA-256:
a1ffdff317598951e46aedc18085f950340cf8205625fa93d5ef6e888c118405

Scanner detections:
4 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open-source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/27/2024 12:32:07 PM UTC

Scan engine               Detection                      Engine version
Baidu Antivirus           Adware.Win32.4Shared           4.0.3.1545
ESET NOD32                Win32/4Shared (variant)        9.10889
Reason Heuristics         PUP.Bundler.New IT Limited     15.4.5.17
Trend Micro House Call    Suspicious_GEN.F47V1127        7.2.95

File size:
3.9 MB (4,052,800 bytes)

Copyright:
b1.org

File type:
Executable application (Win32 EXE)

Bundler/Installer:
New IT Desktop Setup (using Nullsoft Install System)

Digital Signature
Authority:
COMODO CA Limited

Valid from:
1/18/2012 3:00:00 AM

Valid to:
1/18/2013 2:59:59 AM

Subject:
CN=IT Management Group LTD, O=IT Management Group LTD, STREET=135 Arch. Makarios III Avenue, STREET=Emelle Building 4th floor, L=Limassol, S=Limassol, PostalCode=3021, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
009F750087DD24E5BFA7394C0A178EEAD8

File PE Metadata
Compilation timestamp:
4/10/2010 3:19:31 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:G+QvBQsJSorsnJZsGMwug4dVHai2vSP93WAfNRM:GrJA1x6FLHai2e93THM

Entry address:
0x354B

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 84, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 98, 06, 47, 00, E8, 67, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, 05, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 86, 40, 00, FF, 15, 80, 81, 40, 00, 68, 04, 86, 40, 00, 68, A0, 85, 46, 00, E8, 35, 26, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 10, 4C, 00, 57, E8, 23, 26, 00, 00...

Entropy:
7.9105

Packer / compiler:
Nullsoft install system v2.x

Code size:
25 KB (25,600 bytes)

The file الانشطة العلمية.exe has been seen being distributed by the following URL.

Remove الانشطة العلمية.exe - Powered by Reason Core Security