4sync_update.exe

4Sync

4sync Inc.

The application 4sync_update.exe by 4sync has been detected as a potentially unwanted program by 2 anti-malware scanners. It is a setup program used to install the application. The file has been observed being downloaded from www.4sync.com.
Publisher:
New IT Solutions  (signed by 4sync Inc.)

Product:
4Sync

Version:
1.2.19.24415

MD5:
7a05c7f791ce8f9da9d4be29f0fdfbd9

SHA-1:
ba61ab47fbbbc213aac80a03ddbdd5c408b5adc7

SHA-256:
179c1b1460cccdb6faad193ef19e35269e5c5139232f80e5e4052a0256dd1009

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
4/27/2024 2:06:00 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Strictor.41078 | 8.14.05.19.04 |
| Reason Heuristics | PUP.Optional.NewITSolutions.Meta (L) | 15.6.19.9 |

File size:
13.3 MB (13,989,848 bytes)

Product version:
1.2.19.24415

Copyright:
New IT Solutions

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\4sync\temp\4sync_update.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
10/22/2013 1:56:47 AM

Valid to:
10/22/2016 1:56:47 AM

Subject:
CN=4sync Inc., O=4sync Inc., L=San Francisco, S=California, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4B26471C28D70E

File PE Metadata
Compilation timestamp:
1/13/2014 8:35:46 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:MKVQd3hcF71bH1exV30YhfGlcKHow1xZ8kGLrBqF/ehAB1s:5u3GfH1eH3b9RKHoiZ8kGvBqF/eC6

Entry address:
0x40FFF8

Entry point:
55, 8B, EC, 83, C4, E8, 53, 56, 33, C0, 89, 45, E8, 89, 45, EC, B8, 18, F3, 7F, 00, E8, 96, F1, BF, FF, 8B, 1D, FC, 10, 82, 00, 8B, 35, 90, 16, 82, 00, 33, C0, 55, 68, 89, 01, 81, 00, 64, FF, 30, 64, 89, 20, 68, 07, 80, 00, 00, E8, D2, F2, FE, FF, 8B, 03, E8, EF, B2, DF, FF, B2, 01, A1, 2C, F2, 7F, 00, E8, 9F, 81, BF, FF, 8B, 13, 89, 82, 04, 01, 00, 00, C7, 82, 00, 01, 00, 00, 10, F3, 7F, 00, E8, A8, 96, FD, FF, E8, 67, A2, FD, FF, 85, C0, 75, 68, A1, 24, 12, 82, 00, 80, 38, 00, 74, 17, 83, C9, FF, BA, A4...
 

Entropy:
7.6280

Developed / compiled with:
Microsoft Visual C++

Code size:
4.1 MB (4,255,232 bytes)

The file 4sync_update.exe has been seen being distributed by the following URL.
