home

01 - prowler.exe

Filegetter

New IT Limited

This is a bundle installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application 01 - prowler.exe, “Helps file downloading” by New IT Limited has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the New IT Desktop Setup installer. The file has been seen being downloaded from ds312.getafilefast.net.
Publisher:
Company limited  (signed by New IT Limited)

Product:
Filegetter

Description:
Helps file downloading

Version:
3, 3, 40, 0

MD5:
c26e1a5afd1bf5121c92025050d0adfc

SHA-1:
a42c02726725844d976ac1af9503741a98ebf320

SHA-256:
65e01c43f1c30657ce85875d5ff6aa450fcc5a990d7c7579a30a1fc9e5f5458c

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/27/2024 8:44:34 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.New IT Limited.NewIT.Bundler (M)
16.6.14.14

File size:
373 KB (381,912 bytes)

Product version:
3, 3, 40, 0

Copyright:
2014

Trademarks:
Company(C)

Original file name:
FilegetterInstrumnet

File type:
Executable application (Win32 EXE)

Bundler/Installer:
New IT Desktop Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\01 - prowler.exe

Digital Signature
Signed by:
New IT Limited

Authority:
Starfield Technologies, Inc.

Valid from:
5/14/2014 9:00:04 AM

Valid to:
12/30/2016 5:33:53 AM

Subject:
CN=New IT Limited, O=New IT Limited, L=Nicosia, S=Nicosia, C=CY

Issuer:
CN=Starfield Secure Certificate Authority - G2, OU=http://certs.starfieldtech.com/repository/, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
049768F7F19C91

File PE Metadata
Compilation timestamp:
7/3/2014 9:08:55 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:0xU3NhIzxqoJgP+Qk264fSOtaRTIjWv4pJSEB9pBuBqGIq/:KU3NhWqiQkX4KOtatIjJpcY9pBuBqI

Entry address:
0x27612

Entry point:
E8, 95, 91, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 14, A1, E8, 7B, 44, 00, 33, C5, 89, 45, FC, 53, 56, 33, DB, 57, 8B, F1, 39, 1D, 5C, 92, 44, 00, 75, 38, 53, 53, 33, FF, 47, 57, 68, 1C, D3, 43, 00, 68, 00, 01, 00, 00, 53, FF, 15, 5C, B1, 43, 00, 85, C0, 74, 08, 89, 3D, 5C, 92, 44, 00, EB, 15, FF, 15, B0, B0, 43, 00, 83, F8, 78, 75, 0A, C7, 05, 5C, 92, 44, 00, 02, 00, 00, 00, 39, 5D, 14, 7E, 22, 8B, 4D, 14, 8B, 45, 10, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, 45, 14, 2B, C1...
 
[+]

Code size:
231 KB (236,544 bytes)

The file 01 - prowler.exe has been seen being distributed by the following URL.

https://ds312.getafilefast.net/.../01 - Prowler.exe

Remove 01 - prowler.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.