» desktop.exe
Overview
Analysis
File Details

desktop.exe

4shared Desktop

New IT Limited

This is a bundle installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application desktop.exe by New IT Limited has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the New IT Desktop Setup installer.

File name:

desktop.exe

Publisher:

New IT Solutions (signed by New IT Limited)

Product:

4shared Desktop

Version:

3.3.4.0

MD5:

e0c9f7fd3ef098112a426976ab4a3113

SHA-1:

57dd14f13dfb160de507e8b6e0c00025a5307803

SHA-256:

633e37e5bd317b3ccf19d7558e18cefb91ed79d8deeac086b825fd01e69db371

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

4/23/2024 3:54:27 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.New IT Limited (M)

17.2.15.14

File size:

4.4 MB (4,613,624 bytes)

Product version:

1.0.0.0

New IT Solutions

File type:

Executable application (Win32 EXE)

Bundler/Installer:

New IT Desktop Setup

Language:

English (United States)

Common path:

C:\Program Files\4shared desktop\desktop.exe

Digital Signature

Signed by:

New IT Limited

Authority:

GoDaddy.com, Inc.

Valid from:

10/28/2010 12:33:24 PM

Valid to:

10/27/2011 11:30:06 AM

Subject:

CN=New IT Limited, O=New IT Limited, L=Nicosia, S=Nicosia, C=CY

Issuer:

SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

27DDE55D2F337F

File PE Metadata

Compilation timestamp:

3/16/2011 9:04:39 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

Entry address:

0x2E81F8

Entry point:

55, 8B, EC, 83, C4, F0, 53, B8, 54, 13, 6E, 00, E8, CF, 1A, D2, FF, 68, CC, 82, 6E, 00, 68, EC, 82, 6E, 00, E8, 74, 2A, D2, FF, 85, C0, 75, 0F, 68, CC, 82, 6E, 00, 68, FC, 82, 6E, 00, E8, 61, 2A, D2, FF, 85, C0, 74, 26, 6A, 04, 50, E8, CD, 2B, D2, FF, 8B, D8, 6A, 09, 53, E8, 8B, 2E, D2, FF, 53, E8, ED, 2D, D2, FF, A1, F4, 59, 6F, 00, 8B, 00, E8, C1, C9, DD, FF, EB, 70, A1, F4, 59, 6F, 00, 8B, 00, E8, 2B, C7, DD, FF, A1, F4, 59, 6F, 00, 8B, 00, BA, 18, 83, 6E, 00, E8, 7E, C1, DD, FF, 8B, 0D, F4, 53, 6F, 00... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

2.9 MB (3,043,840 bytes)

Remove desktop.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.