office.2010.toolkit.and.ez-activator.2.2.3.exe

SystemNode

New IT Limited

This is a bundle installer that packages applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application office.2010.toolkit.and.ez-activator.2.2.3.exe by New IT Limited has been detected as adware by 30 anti-malware scanners. The program is a setup application that uses the New IT Desktop Setup installer. The file has been seen being downloaded from 4sx.files-download-83.com.
Publisher:
SwapSystem  (signed by New IT Limited)

Product:
SystemNode

Description:
SystemComponent

Version:
4, 0, 33, 0

MD5:
0f4ad804dfb5a967c601944fdb6dada1

SHA-1:
68ea2260e9d1bd2bccbfae7745bfb7ebf248320e

SHA-256:
1e90b26fe175db2f7180ffa7af233f00056f21b6fb085d990e20a0d13994e204

Scanner detections:
30 / 68

Status:
Adware

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
11/23/2024 6:21:41 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Graftor.165452 | 6100240
Agnitum Outpost | PUA.4Shared | 7.1.1
AhnLab V3 Security | Win-Trojan/Malpacked3.Gen | 2014.11.23
Avira AntiVirus | APPL/Downloader.Gen4 | 7.11.193.42
AVG | Generic | 2015.0.3264
Baidu Antivirus | Adware.Win32.4Shared | 4.0.3.141211
Bitdefender | Gen:Variant.Graftor.165452 | 1.0.20.1700
Clam AntiVirus | Win.Trojan.4shared-30 | 0.98/21411
Comodo Security | Application.Win32.4Shared.FG | 20166
Dr.Web | Adware.Downware.9045 | 9.0.1.0345
Emsisoft Anti-Malware | Gen:Variant.Graftor.165452 | 9.0.0.4668
ESET NOD32 | Win32/4Shared.AC potentially unwanted application | 7.0.302.0
F-Prot | W32/A-63d5a2cf | v6.4.7.1.166
F-Secure | Gen:Variant.Graftor.165452 | 11.2014-06-12_7
G Data | Gen:Variant.Graftor.165452 | 14.12.24
IKARUS anti.virus | PUA.4Shared | t3scan.1.8.3.0
K7 AntiVirus | Unwanted-Program | 13.185.14098
Kaspersky | not-a-virus:AdWare.Win32.Agent | 14.0.0.2815
Malwarebytes | Adware.Agent | v2014.12.11.12
McAfee | 4shared | 5600.6925
MicroWorld eScan | Gen:Variant.Graftor.165452 | 15.0.0.1020
NANO AntiVirus | Riskware.Win32.ArchSMS.dipmvj | 0.28.6.62995
Norman | Gen:Variant.Graftor.165452 | 04.12.2014 14:30:06
Panda Antivirus | Trj/Genetic.gen | 14.12.06.07
Reason Heuristics | PUP.NewITLimited.d | 14.12.6.7
Sophos | 4Share Downloader | 4.98
Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3
VIPRE Antivirus | Threat.4150696 | 34232
ViRobot | Worm.Win32.P2P-Palevo.B.Gen | 2011.4.7.4223
Zillya! Antivirus | Adware.Agent.Win32.22206 | 2.0.0.1992

File size:
172.4 KB (176,568 bytes)

Product version:
4, 0, 33, 0

Copyright:
2014

Trademarks:
SmallTrade Inc.

Original file name:
0008.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
New IT Desktop Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\office.2010.toolkit.and.ez-activator.2.2.3.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
11/10/2014 12:19:05 PM

Valid to:
12/30/2016 5:33:53 AM

Subject:
CN=New IT Limited, O=New IT Limited, L=Nicosia, S=Nicosia, C=CY

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
045E846BB931D8

File PE Metadata
Compilation timestamp:
12/3/2014 7:06:09 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:O2jnNJZk+vTkDdqVi9J/+NLz4zjxYGDp/+FOtlvrdYvTV:OSQXUNLKjx9gFOXw

Entry address:
0x3535

Entry point:
E8, F2, 15, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 8B, 00, 81, 38, 63, 73, 6D, E0, 75, 2A, 83, 78, 10, 03, 75, 24, 8B, 40, 14, 3D, 20, 05, 93, 19, 74, 15, 3D, 21, 05, 93, 19, 74, 0E, 3D, 22, 05, 93, 19, 74, 07, 3D, 00, 40, 99, 01, 75, 05, E8, 47, 16, 00, 00, 33, C0, 5D, C2, 04, 00, 68, 3F, 35, 40, 00, FF, 15, 8C, A1, 40, 00, 33, C0, C3, 8B, FF, 55, 8B, EC, 57, BF, E8, 03, 00, 00, 57, FF, 15, 24, A1, 40, 00, FF, 75, 08, FF, 15, F4, A0, 40, 00, 81, C7, E8, 03, 00, 00, 81, FF, 60, EA, 00...

Code size:
33.5 KB (34,304 bytes)

The file office.2010.toolkit.and.ez-activator.2.2.3.exe has been seen being distributed by the following URL.