slow jams - luther vandross - if only for one night.exe

Download Helper

IT MANAGEMENT GROUP LTD

This bundle installer packages applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application slow jams - luther vandross - if only for one night.exe by IT MANAGEMENT GROUP has been detected as adware by 19 anti-malware scanners. The program is a setup application that uses the New IT Desktop Setup installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from dc97.4sharedhelper.com.
Publisher:
IT MANAGEMENT GROUP LTD  (signed and verified)

Product:
Download Helper

Version:
1, 1, 0, 0

MD5:
aaed4b2d79f72b61f2dd1a39508cf9d8

SHA-1:
3ac079e7006cdef5b77920fd237c9b49008502f6

SHA-256:
8ffd8ece38bc68c7ad31fff7b8af1721ac78d5d46540f71e64aa7fdb470ded96

Scanner detections:
19 / 68

Status:
Adware

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
12/27/2024 6:03:59 AM UTC  (today)

Scan engine | Detection | Engine version
AegisLab AV Signature | Troj.W32.Gen | 2.1.4+
Agnitum Outpost | PUA.4Shared | 7.1.1
avast! | Downloader-TQP [PUP] | 150126-0
AVG | Potentially harmful program Skodna.Downloader.K | 2014.0.4257
Comodo Security | Application.Win32.NewIT.B | 19693
Dr.Web | Adware.Toolbar.111 | 9.0.1.05190
ESET NOD32 | Win32/4Shared.D potentially unwanted application | 7.0.302.0
Fortinet FortiGate | Riskware/4Shared | 1/27/2015
F-Prot | W32/A-98e3043d | v6.4.7.1.166
IKARUS anti.virus | possible-Threat.Skodna | t3scan.1.7.8.0
K7 AntiVirus | Unwanted-Program | 13.183.13550
McAfee | PUP-FIV | 5600.6872
NANO AntiVirus | Riskware.Win32.Toolbar.dbxkdu | 0.28.2.62440
Qihoo 360 Security | Malware.QVM06.Gen | 1.0.0.1015
Reason Heuristics | PUP.New IT Limited | 15.1.27.16
Rising Antivirus | PE:PUF.4Shared!1.9C25 | 23.00.65.15125
Sophos | PUA '4Share Downloader' | 5.10
SUPERAntiSpyware | Trojan.Agent/Gen-Downloader | 10090
VIPRE Antivirus | Threat.4758582 | 33624

File size:
934.9 KB (957,304 bytes)

Product version:
1, 1, 0, 0

Copyright:
Copyright (C) 2013

File type:
Executable application (Win32 EXE)

Bundler/Installer:
New IT Desktop Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\slow jams - luther vandross - if only for one night.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
3/15/2013 6:57:25 AM

Valid to:
3/14/2016 9:41:32 AM

Subject:
CN=IT MANAGEMENT GROUP LTD, O=IT MANAGEMENT GROUP LTD, L=Limassol, S=N/A, C=CY

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
082965B7976A8F

File PE Metadata
Compilation timestamp:
3/19/2013 2:25:14 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:P/3zXso48sMBiRRXCCxkt22ODRhGeVnAvr51j+vKa8iF:P/jXsG8VJkt90SeVnATj+vK6F

Entry address:
0x951D

Entry point:
E8, 9C, 43, 00, 00, E9, 79, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3...
 

Entropy:
7.8563  (probably packed)

Code size:
87 KB (89,088 bytes)

The file slow jams - luther vandross - if only for one night.exe has been seen being distributed by the following URL.