home

SHIFT.exe

Need for Speed SHIFT

Electronic Arts Inc.

This is a setup program which is used to install the application. It runs as a scheduled task under the Windows Task Scheduler. The file has been seen being downloaded from s7263.chomikuj.pl and multiple other hosts.
Publisher:
Electronic Arts Inc.

Product:
Need for Speed™ SHIFT

Version:
1, 0, 0, 0

MD5:
6872d63eee336d8b00d5b0d613553f7c

SHA-1:
30785fc9cbcfde3e7a8ba8e416e26f71033f1261

SHA-256:
dbf2f26cda785518f628b6a4e0bf0e4cf02dd92f17245c067a2b80cf1b48b548

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
11/24/2024 7:32:20 PM UTC  (today)

Scan engine
Detection
Engine version

Bkav FE
W32.HfsAutoB
1.3.0.4613

Rising Antivirus
PE:Malware.XPACK/RDM!5.1
23.00.65.131224

File size:
8.3 MB (8,736,256 bytes)

Product version:
1, 0, 0, 0

Copyright:
© 2009 Electronic Arts Ltd. All Rights Reserved.

Trademarks:
Need for Speed is a Trademark of Electronic Arts Inc.

Original file name:
SHIFT.exe

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
8/26/2009 4:47:45 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
196608:JW1s/g9m/6iWdhHJY5VtuqmYC9eQDmexiTKNfmhyU4r+SvAwQkn:J2Qg9m/6iWzH2thmYCrxiTCmhyU4r9n

Entry address:
0x9837B0

Entry point:
E8, 08, 00, 00, 00, 72, 6C, 64, 2E, 64, 6C, 6C, 00, FF, 15, E4, B2, A9, 00, 85, C0, 75, 01, CC, E8, 08, 00, 00, 00, 72, 6C, 64, 2E, 62, 69, 6E, 00, 50, E8, 08, 00, 00, 00, 44, 6C, 6C, 49, 6E, 69, 74, 00, 50, FF, 15, E0, B2, A9, 00, 85, C0, 75, 01, CC, FF, D0, 85, C0, 75, 01, CC, 68, 1A, 9D, 8F, 00, C3, CC, CC, CC, CC, 54, 65, 72, 72, 67, 76, 61, 74, 66, 20, 67, 62, 20, 6E, 79, 79, 20, 67, 75, 72, 20, 73, 65, 76, 72, 61, 71, 66, 20, 76, 61, 20, 67, 75, 72, 20, 66, 70, 72, 61, 72, 20, 3B, 29, 00, 00, 00, 00...
 
[+]

Code size:
7 MB (7,314,432 bytes)

Scheduled Task
Task name:
{5FD68CA4-32E2-4E3A-BEBA-ED107974E3FE}

Trigger:
Registration (Runs on registration)


The file SHIFT.exe has been discovered within the following programs.

Need For Speed SHIFT  by Electronic Arts
Need For Speed SHIFT is a video game distributed through EA's Origin digital distribution and digital rights management content delivery system.
www.ea.com/need-for-speed-shift
12% remove it
Need for Speed_Shift  by AsreBazi, Inc.
Need for Speed_Shift is a PC video game distributed by AsreBazi, an Iranian video game portal, with permission from the National Foundation for Computer Games. The game contains various Farsi translations.
www.asrebazi.com
About 9% of users remove it
Need for Speed™ ProStreet  by Electronic Arts
Need for Speed ProStreet is a video game distributed through EA's Origin digital distribution and digital rights management content delivery system.
www.ea.com
5% remove it
Need for Speed™ SHIFT  by Electronic Arts
Need for Speed: Shift is the 13th installment of the long-running racing video game franchise Need for Speed; published by Electronic Arts. There are 60+ cars which are divided into 4 tiers.
www.electronicarts.cz
4% remove it
Trials Evolution Gold Edition  by Ubisoft
Publisher's description - “Trials Evolution: Gold Edition marks the Trials franchise’s triumphant return to the PC gaming platform. RedLynx’s signature franchise, the Trials series first made its mark in gaming with the 2008 release of Trials 2 SE for the PC.”
support.ubi.com
7% remove it
 
Powered by Should I Remove It?

The file SHIFT.exe has been seen being distributed by the following 4 URLs.

http://s7263.chomikuj.pl/File.aspx?e=zoo_D2b1o2c5rSe8QMWsSrSAvfSKSwBGFY0MeNQCVJTe5zji5jpAQsvNw9ClLePZhCDFCVglVGmMNw4lVSsp7f_x_K6MiDxPgy68dv85rFAR-lPIXVMdVQDl0R-tYK--4Q030LtYLI4wJCLxxCKpQw&pv=2

http://s7263.chomikuj.pl/File.aspx?e=zoo_D2b1o2c5rSe8QMWsSrSAvfSKSwBGFY0MeNQCVJSQevq0ryngLaoUYKAk5GZH8BzqnGcTqUVd1KV2G0B7o8GFnEtEd7DcVnE3RU6be-OIAjNkXovgldBWJ_z33aHtaHw2yDz0Nuxv94J8sNkH_A&pv=2

http://s7263.chomikuj.pl/File.aspx?e=zoo_D2b1o2c5rSe8QMWsSrSAvfSKSwBGFY0MeNQCVJQAc8lLKkRzJThngE-amaQ-kx4QEgqVZw6-21oncSw4gR9FzkbGKTUckUYZw4m5lmC2iGQ3CndAH1ZrWYWsRNyAqktmQucmMJQSyDveBsMKug&pv=2

http://originaldll.com/.../36863.exe

Scan SHIFT.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.