4sync.exe

New IT Limited

This is part of a bundled installer which provides applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application 4sync.exe by New IT Limited has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user Run registry key under the display name ‘4Sync’.
Publisher:
New IT Limited  (signed and verified)

Version:
1.0.8.1

MD5:
8bb63809b00fdef9c904566d8a66550a

SHA-1:
3ac0aea38c3d3cedfd3ccdba37016be8b248d9a1

SHA-256:
ec2f8e13b6c47c092207d43bb1b1eb4683041dc965a54b97624637f06647b28a

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/26/2024 8:25:23 PM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP.New IT Limited.NewIT (M) | 16.1.19.19

File size:
11.4 MB (11,919,904 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\4sync\4sync.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
11/5/2011 1:00:14 AM

Valid to:
11/3/2012 10:47:52 PM

Subject:
CN=New IT Limited, O=New IT Limited, L=Nicosia, S=Nicosia, C=CY

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
0434DD1A1F0904

File PE Metadata
Compilation timestamp:
10/6/2012 1:06:57 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:yuN6HFuZmUfEGCF1gS2L7ivfat/O5qZGG1ngKpAupBVdSYb4ufgFEJq:y5HFyyLkivfk/Q8AupB9bToT

Entry address:
0x617798

Entry point:
55, 8B, EC, 83, C4, E8, 53, 56, 57, 33, C0, 89, 45, EC, 89, 45, E8, B8, 48, BD, 9F, 00, E8, 61, 57, 9F, FF, 8B, 1D, AC, D5, A2, 00, 33, C0, 55, 68, 9A, 78, A1, 00, 64, FF, 30, 64, 89, 20, 33, C0, 55, 68, 75, 78, A1, 00, 64, FF, 30, 64, 89, 20, 8B, 03, E8, FC, DB, B6, FF, 8D, 55, E8, 33, C0, E8, 7E, D5, 9E, FF, 8B, 45, E8, 8D, 55, EC, E8, CB, D5, A0, FF, 8D, 45, EC, BA, B8, 78, A1, 00, E8, 96, 21, 9F, FF, 8B, 45, EC, E8, 46, D6, F5, FF, 8B, 0D, 78, D9, A2, 00, 8B, 03, 8B, 15, 54, AE, 9A, 00, E8, D7, DB, B6...
 

Entropy:
6.0356

Developed / compiled with:
Microsoft Visual C++

Code size:
6.1 MB (6,382,592 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
4Sync

Command:
"C:\Program Files\4sync\4sync.exe" -startup

