» ลมเปลี่ยนทิศ.exe
Overview
Analysis
File Details
Downloads (1)

ลมเปลี่ยนทิศ.exe

SystemNode

New IT Limited

This is part of a bundled installer which provides applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application ลมเปลี่ยนทิศ.exe by New IT Limited has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from 4sx.files-download-67.com.

File name:

ลมเปลี่ยนทิศ.exe

Publisher:

SwapSystem (signed by New IT Limited)

Product:

SystemNode

Description:

SystemComponent

Version:

4, 0, 23, 0

MD5:

5ff658196f0900d629a82b4d0d123dfe

SHA-1:

fbf3e90aa29774db79bfcb48e0bc0c2e978cd69b

SHA-256:

01056b1965f54282699839fed7638117d379d2c20bcc17d02607293f37e84d5d

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

1/12/2025 11:00:41 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.New IT Limited.NewIT (M)

16.5.16.9

File size:

44.6 KB (45,632 bytes)

Product version:

4, 0, 23, 0

2014

Trademarks:

SmallTrade Inc.

Original file name:

0008.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\ลมเปลี่ยนทิศ.exe

Digital Signature

Signed by:

New IT Limited

Authority:

Starfield Technologies, Inc.

Valid from:

5/14/2014 7:00:04 PM

Valid to:

12/30/2016 2:33:53 PM

Subject:

CN=New IT Limited, O=New IT Limited, L=Nicosia, S=Nicosia, C=CY

Issuer:

CN=Starfield Secure Certificate Authority - G2, OU=http://certs.starfieldtech.com/repository/, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

049768F7F19C91

File PE Metadata

Compilation timestamp:

11/6/2014 12:02:33 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

384:tnqMaVAbD/NHxL5cQYxy5YnECa2er5tUl77AGY8myyqAV10gOCooqDG81FlPlHjy:9pXL5B4PKtUt4VayjmFK7sEg6

Entry address:

0x2CC5

Entry point:

55, 8B, EC, 83, EC, 10, 53, 56, 8D, 45, F0, 50, C7, 45, F0, 08, 00, 00, 00, C7, 45, F4, 20, 00, 00, 00, FF, 15, 00, 30, 40, 00, 68, 28, 0A, 00, 00, BE, 60, 1C, BB, 00, 56, 33, DB, 53, FF, 15, A0, 30, 40, 00, 53, 68, 80, 00, 00, 00, 6A, 03, 53, 6A, 01, 68, 00, 00, 00, 80, 56, FF, 15, 98, 30, 40, 00, 8B, F0, 83, FE, FF, 0F, 84, D5, 00, 00, 00, 56, E8, 82, E8, FF, FF, 59, 56, 88, 45, FF, FF, 15, 9C, 30, 40, 00, 38, 5D, FF, 0F, 84, BB, 00, 00, 00, 66, 39, 1D, D8, E0, 40, 00, 74, 0A, BE, D8, E0, 40, 00, E8, F2... 
[+]

Entropy:

5.9919

Developed / compiled with:

Microsoft Visual C++

Code size:

8 KB (8,192 bytes)

The file ลมเปลี่ยนทิศ.exe has been seen being distributed by the following URL.

https://4sx.files-download-67.com/.../????????????.exe

Remove ลมเปลี่ยนทิศ.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.