4shared_desktop_4.0.3.1.exe

4shared Desktop Setup

New IT Limited

This is a bundle installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application 4shared_desktop_4.0.3.1.exe by New IT Limited has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the New IT Desktop Setup installer. This version of the installer will bundle the Ask.com Toolbar, a potentially unwanted web browser extension. The file has been seen being downloaded from nl.inncdn.com and multiple other hosts.
Publisher:
New IT Solutions  (signed by New IT Limited)

Product:
4shared Desktop Setup

Version:
4.0.3.1

MD5:
190407c7769a3045c6e8a09d35c2b93c

SHA-1:
cc2a454b07ee3e440bafdcd2792da30af1ed7385

SHA-256:
495fff65b72350b5355c3c410f2769085c923d72a07abe459a81e727058e3e0b

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Bundles the Ask.com toolbar as a third-party offer, a web browser extension that may modify a user's search and home pages.

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
5/6/2026 11:24:30 PM UTC

Scan engine         Detection                             Engine version
Agnitum Outpost     PUA.Toolbar.Ask                       7.1.1
AVG                 Newitli                               2015.0.3280
Baidu Antivirus     Hacktool.Win32.Bundled.bToolbar       4.0.3.141125
Comodo Security     Application.Win32.NewIT.B             20002
Dr.Web              Adware.Downware.1417                  9.0.1.0329
ESET NOD32          Win32/Bundled.Toolbar.Ask (variant)   8.10678
Malwarebytes        PUP.Optional.4Shared                  v2014.11.25.08
McAfee              Artemis!190407C7769A                  5600.6936
NANO AntiVirus      Trojan.Win32.Downware.cumjmn          0.28.6.62995
Reason Heuristics   PUP.Installer.NewITLimited.U          14.11.25.8
Rising Antivirus    PE:PUF.4Shared!1.9C25                 23.00.65.141123
Sophos              4Share Downloader                     4.98
VIPRE Antivirus     Trojan.Win32.Generic                  34552

File size:
5.5 MB (5,768,192 bytes)

Copyright:
New IT Solutions

File type:
Executable application (Win32 EXE)

Bundler/Installer:
New IT Desktop Setup (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\4shared_desktop_4.0.3.1.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
4/10/2014 11:50:45 AM

Valid to:
12/30/2016 5:33:53 AM

Subject:
CN=New IT Limited, O=New IT Limited, L=Nicosia, S=Nicosia, C=CY

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B90BA60B54B37

File PE Metadata
Compilation timestamp:
4/10/2010 9:19:31 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:TUPvzkKIq9GbJmOULXcyCNyyjPlTZvtc0/1A2T4juuIClQuzhuKt36d7BErWUY27:TUHzkKxGth8NCNVPlFuc1A2T4ZRhpt3Z

Entry address:
0x354B

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 84, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 98, 06, 47, 00, E8, 67, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, 05, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 86, 40, 00, FF, 15, 80, 81, 40, 00, 68, 04, 86, 40, 00, 68, A0, 85, 46, 00, E8, 35, 26, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 10, 4C, 00, 57, E8, 23, 26, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
25 KB (25,600 bytes)

The file 4shared_desktop_4.0.3.1.exe has been seen being distributed by the following 2 URLs.

http://nl.inncdn.com/download.php?os=&icon=aHR0cDovL2ltYWdlcy5ici5zZnRjZG4ubmV0L2JyL3Njcm4vMzAzMDAwLzMwMzYxOC80c2hhcmVkLTIucG5n&desc=VW0gYXBsaWNhdGl2byBwYXJhIGFybWF6ZW5hciBlIGNvbXBhcnRpbGhhciBhcnF1aXZvcyBvbi1saW5l&name=4shared&domain=4shared&ss=&lang=pt_BR&url=aHR0cDovLzRzaGFyZWQuc29mdG9uaWMuY29tLmJy&version=121114&ins=apportalbr&gclid=CMKU14rO-MECFUsV7AodjHUAnQ
