desktop.exe

New IT Limited

This is a bundle installer that packages applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application desktop.exe by New IT Limited has been detected as adware by 2 anti-malware scanners. The program is a setup application that uses the New IT Desktop Setup installer. This file is typically installed with the program 4shared Desktop by New IT Limited, which is a potentially unwanted software program. The file has been seen being downloaded from dc636.4shared.com. While running, it connects to the Internet address akamai-node-del.spectranet.com on port 80 using the HTTP protocol.
Publisher:
New IT Limited  (signed and verified)

Version:
4.0.3.1

MD5:
1bb888e758def7f8e261a4b22f8fffbc

SHA-1:
2a2bafbf7e390c9b1dce30c9cdc4d7ab0bdb5e2f

SHA-256:
e340cf33ea586e2ba4b5db2177640a7974ed58c4c653f0a55a828d752cfdd854

Scanner detections:
2 / 68

Status:
Adware

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
6/21/2018 1:35:18 PM UTC

Scan engine | Detection | Engine version
Malwarebytes | PUP.Optional.4Shared | v2013.12.21.12
Reason Heuristics | PUP.NewITLimited.H | 14.3.1.16

File size:
11.7 MB (12,230,104 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Bundler/Installer:
New IT Desktop Setup

Language:
English (United States)

Common path:
C:\Program Files\4shared desktop\desktop.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
11/16/2012 3:16:05 PM

Valid to:
11/16/2013 1:30:34 PM

Subject:
CN=New IT Limited, O=New IT Limited, L=Nicosia, S=Nicosia, C=CY

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B2A165690BBAA

File PE Metadata
Compilation timestamp:
7/29/2013 12:46:03 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:qxA4VeiwCrSp6yi4xIIvylVIgWtqVr5Qez8PFx/9:q7eNNMyizI0c8V+Jx/9

Entry address:
0x6E40F4

Entry point:
55, 8B, EC, 83, C4, EC, 53, 33, C0, 89, 45, EC, B8, D8, 66, AC, 00, E8, 9A, 8F, 92, FF, 33, C0, 55, 68, 69, 42, AE, 00, 64, FF, 30, 64, 89, 20, 8D, 45, EC, 8B, 15, 3C, 53, B0, 00, 8B, 12, E8, FC, 57, 92, FF, 8B, 55, EC, B8, 84, 42, AE, 00, E8, 6F, 5D, 92, FF, 8B, D8, 68, A0, 42, AE, 00, 68, C0, 42, AE, 00, E8, 62, DB, 92, FF, 85, C0, 75, 0F, 68, A0, 42, AE, 00, 68, D0, 42, AE, 00, E8, 4F, DB, 92, FF, 85, C0, 74, 3E, 85, DB, 7E, 11, A1, 2C, 54, B0, 00, 8B, 00, E8, 8F, C6, AA, FF, E9, E1, 00, 00, 00, 6A, 04...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
6.9 MB (7,219,712 bytes)

The file desktop.exe has been discovered within the following program.

4shared Desktop  by New IT Limited
About 63% of users remove it
 

The file desktop.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.
