4sync.exe

4Sync

4sync Inc.

The application 4sync.exe by 4sync has been detected as a potentially unwanted program by 2 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘4Sync’. While running, it connects to the Internet address smtp547.4shared.com on port 80 using the HTTP protocol.
Publisher:
New IT Solutions  (signed by 4sync Inc.)

Product:
4Sync

Version:
1.2.38.27413

MD5:
2cac789942b05e2da079a24fb3583788

SHA-1:
f873f054306f8369bdb249cdec9f34222db443ee

SHA-256:
812db49e5325cf73b85fda3cf136f98074b2207ea451118a0fe2e2258ffb9361

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 12:44:09 PM UTC

Scan engine
Detection
Engine version

Reason Heuristics
PUP.NewITSolutions.Optional.Meta (L)
15.8.22.23

Rising Antivirus
PE:Trojan.Agentb!6.211
23.00.65.15820

File size:
16.7 MB (17,465,816 bytes)

Product version:
1.2

Copyright:
New IT Solutions

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\4sync\4sync.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
10/21/2013 4:56:47 PM

Valid to:
10/21/2016 4:56:47 PM

Subject:
CN=4sync Inc., O=4sync Inc., L=San Francisco, S=California, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4B26471C28D70E

File PE Metadata
Compilation timestamp:
6/25/2015 7:43:40 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:ERVHDce7prJdSoM9z16rlU+27rA/uNb1oJ:ERVjn7prJYoMR16rlU+0rXb1I

Entry address:
0x832C08

Entry point:
55, 8B, EC, 83, C4, E8, 53, 56, 57, 33, C0, 89, 45, EC, 89, 45, E8, B8, E0, DB, C1, 00, E8, D9, D8, 7D, FF, 33, C0, 55, 68, EE, 2C, C3, 00, 64, FF, 30, 64, 89, 20, 33, C0, 55, 68, C9, 2C, C3, 00, 64, FF, 30, 64, 89, 20, A1, D0, 71, C5, 00, 8B, 00, E8, BD, 33, A0, FF, 8D, 55, E8, 33, C0, E8, EB, 41, 7D, FF, 8B, 45, E8, 8D, 55, EC, E8, 8C, 50, 7F, FF, 8D, 45, EC, BA, 0C, 2D, C3, 00, E8, 63, 92, 7D, FF, 8B, 45, EC, E8, 4F, 2C, DD, FF, 8B, 0D, FC, 75, C5, 00, A1, D0, 71, C5, 00, 8B, 00, 8B, 15, 3C, 4F, 95, 00...

Developed / compiled with:
Microsoft Visual C++

Code size:
8.2 MB (8,592,384 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
4Sync

Command:
"C:\Program Files\4sync\4sync.exe" -startup


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to smtp547.4shared.com  (204.155.149.22:80)

TCP (HTTP):
Connects to c-b390-u0741-90.webazilla.com  (74.117.178.90:80)

TCP (HTTP):
Connects to c-b390-u0655-56.webazilla.com  (74.117.178.56:80)
