» 4sync-1.0.6cm.exe
Overview
Analysis
File Details
Downloads (2)

4sync-1.0.6cm.exe

4Sync Setup

New IT Limited

This is a bundle installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application 4sync-1.0.6cm.exe by New IT Limited has been detected as adware by 3 anti-malware scanners. The program is a setup application that uses the New IT Desktop Setup installer. The file has been seen being downloaded from dc300.4shared.com and multiple other hosts.

File name:

4sync-1.0.6cm.exe

Publisher:

New IT Solutions (signed by New IT Limited)

Product:

4Sync Setup

Version:

1.0.6

MD5:

8afe17025bcb7e6ae6a67382657e9bb9

SHA-1:

f781d90e2bd4e18285168054e89019c19cc39d0c

SHA-256:

75714b76a81eaf2e02c7703ff75095257428bbdf9b944393ad9d8fd39a1d9d98

Scanner detections:

3 / 68

Status:

Adware

Explanation:

Bundles the Conduit Toolbar and/or Conduit Search Protect.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

4/23/2024 4:23:03 PM UTC (today)

Scan engine

Detection

Engine version

Comodo Security

Heur.Suspicious

17448

Reason Heuristics

PUP.Installer.NewITLimited.L

14.3.2.13

VIPRE Antivirus

Conduit

24904

File size:

7.8 MB (8,164,384 bytes)

New IT Solutions

File type:

Executable application (Win32 EXE)

Bundler/Installer:

New IT Desktop Setup (using Nullsoft Install System)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\4sync-1.0.6cm.exe

Digital Signature

Signed by:

New IT Limited

Authority:

GoDaddy.com, Inc.

Valid from:

11/4/2011 3:00:14 PM

Valid to:

11/3/2012 12:47:52 PM

Subject:

CN=New IT Limited, O=New IT Limited, L=Nicosia, S=Nicosia, C=CY

Issuer:

SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

0434DD1A1F0904

File PE Metadata

Compilation timestamp:

4/10/2010 9:19:31 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

196608:LFObMKp6dOQI4UwTbiTtyf1MUfyrJYCscSSUZo7mrQ8:LFOSdOQ9IW1Me3gUxQ8

Entry address:

0x354B

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 84, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 98, 06, 47, 00, E8, 67, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, 05, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 86, 40, 00, FF, 15, 80, 81, 40, 00, 68, 04, 86, 40, 00, 68, A0, 85, 46, 00, E8, 35, 26, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 10, 4C, 00, 57, E8, 23, 26, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

25 KB (25,600 bytes)

The file 4sync-1.0.6cm.exe has been seen being distributed by the following 2 URLs.

http://dc300.4shared.com/download/.../4Sync-106cm.exe

http://dc592.4shared.com/download/.../4Sync-106cm.exe

Remove 4sync-1.0.6cm.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.