home

SHIFT2U.exe

SHIFT 2 UNLEASHED

Electronic Arts Inc.

It runs as a scheduled task under the Windows Task Scheduler. The file has been seen being downloaded from s7777.chomikuj.pl.
Publisher:
Electronic Arts Inc.

Product:
SHIFT 2 UNLEASHED™

Version:
1, 0, 0, 0

MD5:
eae096ecb6c9ee57d229e5c664223e18

SHA-1:
15d88b67603dc4734a025871ce09da9c6f2a90c3

SHA-256:
26b266f7fd06d51e84058968fcc5552bc3507df9141e19d8b04d6a752356bda9

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/16/2024 3:08:03 AM UTC  (today)

File size:
30.8 MB (32,247,296 bytes)

Product version:
1, 0, 0, 0

Copyright:
© 2011 Electronic Arts Ltd. All Rights Reserved.

Trademarks:
Need for Speed is a Trademark of Electronic Arts Inc.

Original file name:
SHIFT2U.exe

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

File PE Metadata
OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
786432:rerboa63hM0PW8i0AhNjNBWuM1Yp+VHaKf1k:Gu3SV82lNcK+V6KfW

Entry address:
0xFF7222

Entry point:
68, 66, 15, 55, 00, 6A, 00, 9C, 6A, 00, 51, B9, B0, C0, 00, 00, 6A, 00, 6A, 00, E2, FA, 8B, 8C, 24, 88, 05, 06, 00, 89, 8C, 24, 88, 05, 00, 00, C7, 84, 24, 8C, 05, 00, 00, 00, 00, 00, 00, 8B, 8C, 24, 80, 05, 06, 00, 89, 84, 24, A8, 02, 00, 00, C7, 84, 24, AC, 02, 00, 00, 00, 00, 00, 00, 89, 8C, 24, 80, 01, 00, 00, C7, 84, 24, 84, 01, 00, 00, 00, 00, 00, 00, 89, 94, 24, 98, 03, 00, 00, C7, 84, 24, 9C, 03, 00, 00, 00, 00, 00, 00, 89, 9C, 24, D8, 00, 00, 00, C7, 84, 24, DC, 00, 00, 00, 00, 00, 00, 00, 89, A4...
 
[+]

Entropy:
7.5601

Code size:
9.6 MB (10,028,544 bytes)

Scheduled Task
Task name:
{62C7B028-568F-4E83-ADDC-75340A3B61F3}

Trigger:
Registration (Runs on registration)


The file SHIFT2U.exe has been seen being distributed by the following URL.

http://s7777.chomikuj.pl/File.aspx?e=auW-JBOHajQyiCGYps4sfAhVJoKKMLY9n6H5gLnfEx2QJOFxjEWuy0mlFGxjXKGv9ZMjrE4JuC-Edp9MFuNDXcRRxSaKIX_Be1lMFtU-gQBOv-0LRo5rKNgFT6rSyzPlBQ7E-KXsgZSHjPh079ToXg&pv=2

Scan SHIFT2U.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.