counter-strike xtreme v7.exe

CHummer

New IT Limited

This is part of a bundled installer which provides applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application counter-strike xtreme v7.exe, “Description is empty” by New IT Limited has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from 4sx.getafilefree.net.
Publisher:
Elit -e - Company  (signed by New IT Limited)

Product:
CHummer

Description:
Description is empty

Version:
3, 5, 13, 0

MD5:
5571a95b8d7bfff919b4cf50d489b307

SHA-1:
1d6a78eb97a15af5ab262f609267efc2775ba775

SHA-256:
117c11dab2711693e84e03faf3335240970b8fe3172127e4b85d2ef76477365c

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/2/2024 3:20:05 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.New IT Limited.NewIT (M)
16.7.3.19

File size:
42.2 KB (43,216 bytes)

Product version:
3, 5, 13, 0

Copyright:
2014

Trademarks:
No

Original file name:
DHelper

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\counter-strike xtreme v7.exe

Digital Signature
Signed by:

Authority:
Starfield Technologies, Inc.

Valid from:
5/14/2014 7:00:04 PM

Valid to:
12/30/2016 2:33:53 PM

Subject:
CN=New IT Limited, O=New IT Limited, L=Nicosia, S=Nicosia, C=CY

Issuer:
CN=Starfield Secure Certificate Authority - G2, OU=http://certs.starfieldtech.com/repository/, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
049768F7F19C91

File PE Metadata
Compilation timestamp:
9/5/2014 10:53:24 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
768:hOwfivq/RsoZNUYbmSChHUborYp9vZ12CTC6JYt:F3mhhfYp9x12CTC6et

Entry address:
0x3210

Entry point:
55, 8B, EC, 83, E4, F8, 83, EC, 0C, 53, 56, 57, 8D, 44, 24, 10, 50, C7, 44, 24, 14, 08, 00, 00, 00, C7, 44, 24, 18, 20, 00, 00, 00, FF, 15, 00, 40, 40, 00, 68, 28, 0A, 00, 00, 68, A0, 1F, B9, 00, 6A, 00, FF, 15, 94, 40, 40, 00, 6A, 00, 68, 80, 00, 00, 00, 6A, 03, 6A, 00, 6A, 01, 68, 00, 00, 00, 80, 68, A0, 1F, B9, 00, FF, 15, 8C, 40, 40, 00, 8B, F8, 83, FF, FF, 0F, 84, 30, 01, 00, 00, E8, BA, E3, FF, FF, 57, 8B, 3D, 90, 40, 40, 00, 8A, D8, FF, D7, 84, DB, 0F, 84, 18, 01, 00, 00, 66, 83, 3D, C8, A0, 40, 00...
 
[+]

Entropy:
5.7134

Developed / compiled with:
Microsoft Visual C++

Code size:
9 KB (9,216 bytes)

The file counter-strike xtreme v7.exe has been seen being distributed by the following URL.

Remove counter-strike xtreme v7.exe - Powered by Reason Core Security