» 4shared_desktop_4.0.3.1.exe
Overview
Analysis
File Details
Downloads (2)

4shared_desktop_4.0.3.1.exe

4shared Desktop Setup

New IT Limited

This is a bundle installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application 4shared_desktop_4.0.3.1.exe by New IT Limited has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the New IT Desktop Setup installer. This version of the installer will bundle the Ask.com Toolbar, a potentially unwanted web browser extension. The file has been seen being downloaded from nl.inncdn.com and multiple other hosts.

File name:

Publisher:

New IT Solutions (signed by New IT Limited)

Product:

4shared Desktop Setup

Version:

4.0.3.1

MD5:

190407c7769a3045c6e8a09d35c2b93c

SHA-1:

cc2a454b07ee3e440bafdcd2792da30af1ed7385

SHA-256:

495fff65b72350b5355c3c410f2769085c923d72a07abe459a81e727058e3e0b

Scanner detections:

13 / 68

Status:

Adware

Explanation:

Bundles that Ask.com toolbar as a third-party offer, a web browser extension that may modify a user's search and home pages.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

4/20/2024 1:46:04 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

PUA.Toolbar.Ask

7.1.1

AVG

Newitli

2015.0.3280

Baidu Antivirus

Hacktool.Win32.Bundled.bToolbar

4.0.3.141125

Comodo Security

Application.Win32.NewIT.B

20002

Dr.Web

Adware.Downware.1417

9.0.1.0329

ESET NOD32

Win32/Bundled.Toolbar.Ask (variant)

8.10678

Malwarebytes

PUP.Optional.4Shared

v2014.11.25.08

McAfee

Artemis!190407C7769A

5600.6936

NANO AntiVirus

Trojan.Win32.Downware.cumjmn

0.28.6.62995

Reason Heuristics

PUP.Installer.NewITLimited.U

14.11.25.8

Rising Antivirus

PE:PUF.4Shared!1.9C25

23.00.65.141123

Sophos

4Share Downloader

4.98

VIPRE Antivirus

Trojan.Win32.Generic

34552

File size:

5.5 MB (5,768,192 bytes)

New IT Solutions

File type:

Executable application (Win32 EXE)

Bundler/Installer:

New IT Desktop Setup (using Nullsoft Install System)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\4shared_desktop_4.0.3.1.exe

Digital Signature

Signed by:

New IT Limited

Authority:

GoDaddy.com, Inc.

Valid from:

4/10/2014 11:50:45 AM

Valid to:

12/30/2016 5:33:53 AM

Subject:

CN=New IT Limited, O=New IT Limited, L=Nicosia, S=Nicosia, C=CY

Issuer:

CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

2B90BA60B54B37

File PE Metadata

Compilation timestamp:

4/10/2010 9:19:31 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

98304:TUPvzkKIq9GbJmOULXcyCNyyjPlTZvtc0/1A2T4juuIClQuzhuKt36d7BErWUY27:TUHzkKxGth8NCNVPlFuc1A2T4ZRhpt3Z

Entry address:

0x354B

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 84, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 98, 06, 47, 00, E8, 67, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, 05, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 86, 40, 00, FF, 15, 80, 81, 40, 00, 68, 04, 86, 40, 00, 68, A0, 85, 46, 00, E8, 35, 26, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 10, 4C, 00, 57, E8, 23, 26, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

25 KB (25,600 bytes)

The file 4shared_desktop_4.0.3.1.exe has been seen being distributed by the following 2 URLs.

http://nl.inncdn.com/download.php?os=&icon=aHR0cDovL2ltYWdlcy5ici5zZnRjZG4ubmV0L2JyL3Njcm4vMzAzMDAwLzMwMzYxOC80c2hhcmVkLTIucG5n&desc=VW0gYXBsaWNhdGl2byBwYXJhIGFybWF6ZW5hciBlIGNvbXBhcnRpbGhhciBhcnF1aXZvcyBvbi1saW5l&name=4shared&domain=4shared&ss=&lang=pt_BR&url=aHR0cDovLzRzaGFyZWQuc29mdG9uaWMuY29tLmJy&version=121114&ins=apportalbr&gclid=CMKU14rO-MECFUsV7AodjHUAnQ

http://dc522.4shared.com/.../ojm1S47s?null

Remove 4shared_desktop_4.0.3.1.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.