home

desktop.exe

4shared Desktop

New IT Limited

This is part of a bundled installer which provides applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application desktop.exe by New IT Limited has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address c-b390-u0657-58.webazilla.com on port 443.
Publisher:
New IT Solutions  (signed by New IT Limited)

Product:
4shared Desktop

Version:
3.3.4.0

MD5:
a697ecbcf170ddab4e0512c0a7b26a33

SHA-1:
04347a212d34891080104268dc1f7c4d8a32862a

SHA-256:
36a79d6f0a72fce3e80704ae15bd2ebc54aad3b2c40c1fc841c1dd121661eee8

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/19/2024 8:02:35 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.NewITLimited.H
14.9.19.0

File size:
4.7 MB (4,896,760 bytes)

Product version:
1.0.0.0

Copyright:
New IT Solutions

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\Program Files\4shared desktop\desktop.exe

Digital Signature
Signed by:
New IT Limited

Authority:
GoDaddy.com, Inc.

Valid from:
10/28/2010 10:33:24 AM

Valid to:
10/27/2011 9:30:06 AM

Subject:
CN=New IT Limited, O=New IT Limited, L=Nicosia, S=Nicosia, C=CY

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
27DDE55D2F337F

File PE Metadata
Compilation timestamp:
2/9/2011 12:39:25 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:+020Z2udcQvYBw8G7WAKcvzwFmV8tRmK7KyIZKb0HjTbcfdkTQTL+HYFoqa/xz:L2Udchw8Gf7Lwn5IWs7kdWmXM

Entry address:
0x2F3324

Entry point:
55, 8B, EC, 83, C4, F0, 53, B8, 38, B7, 6E, 00, E8, C3, 69, D1, FF, 68, F8, 33, 6F, 00, 68, 18, 34, 6F, 00, E8, 70, 79, D1, FF, 85, C0, 75, 0F, 68, F8, 33, 6F, 00, 68, 28, 34, 6F, 00, E8, 5D, 79, D1, FF, 85, C0, 74, 26, 6A, 04, 50, E8, C9, 7A, D1, FF, 8B, D8, 6A, 09, 53, E8, 8F, 7D, D1, FF, 53, E8, F1, 7C, D1, FF, A1, 74, 0B, 70, 00, 8B, 00, E8, 6D, 18, DD, FF, EB, 70, A1, 74, 0B, 70, 00, 8B, 00, E8, D7, 15, DD, FF, A1, 74, 0B, 70, 00, 8B, 00, BA, 44, 34, 6F, 00, E8, 2A, 10, DD, FF, 8B, 0D, 24, 05, 70, 00...
 
[+]

Entropy:
6.4047

Developed / compiled with:
Microsoft Visual C++

Code size:
2.9 MB (3,086,336 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to a104-112-213-15.deploy.static.akamaitechnologies.com  (104.112.213.15:443)

TCP (HTTP SSL):
Connects to c-b390-u0657-58.webazilla.com  (74.117.178.58:443)

TCP (HTTP):
Connects to c-b390-u0736-85.webazilla.com  (74.117.178.85:80)

TCP (HTTP):
Connects to c-k330-u1008-172.webazilla.com  (199.101.133.172:80)

TCP (HTTP SSL):
Connects to bd064cf8.virtua.com.br  (189.6.76.248:443)

TCP (HTTP SSL):
Connects to bd064cf7.virtua.com.br  (189.6.76.247:443)

TCP (HTTP SSL):
Connects to bd064ca3.virtua.com.br  (189.6.76.163:443)

TCP (HTTP SSL):
Connects to bd064c94.virtua.com.br  (189.6.76.148:443)

TCP (HTTP):
Connects to a23-15-155-27.deploy.static.akamaitechnologies.com  (23.15.155.27:80)

Remove desktop.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.