desktop.exe

Desktop

4sync Inc.

The application desktop.exe by 4sync has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address c-b390-u0657-58.webazilla.com on port 443.
Publisher:
New IT Solutions  (signed by 4sync Inc.)

Product:
Desktop

Version:
4.0.11.26545

MD5:
fcfe15a5de3cbec039cb703d2d4b41ad

SHA-1:
94cfc57d6df652bccf9261eeba5b67152ae474c7

SHA-256:
138132c56cfa584cc8e4763c126577a4f6e65f851262439a3e4d8965b0e7d3b4

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
6/21/2018 4:02:07 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Optional.NewITSolutions.Meta (L)
15.6.19.9

File size:
13.2 MB (13,879,256 bytes)

Product version:
4.0

Copyright:
New IT Solutions

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\4shared desktop\desktop.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
10/22/2013 12:56:47 AM

Valid to:
10/22/2016 12:56:47 AM

Subject:
CN=4sync Inc., O=4sync Inc., L=San Francisco, S=California, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4B26471C28D70E

File PE Metadata
Compilation timestamp:
8/26/2014 12:28:45 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:OilzcpaJM9aXBsbZfYDaU+/iobfJcoli7JdFbQWBFViSVWpZk4sUWOeDFrUIfgfm:OHpai9aXOSWIolSdFbnFVzVuZDeD2Io+

Entry address:
0x871EFC

Entry point:
55, 8B, EC, 83, C4, EC, 53, 33, C0, 89, 45, EC, B8, E0, 1B, C5, 00, E8, 72, E6, 79, FF, 33, C0, 55, 68, 46, 20, C7, 00, 64, FF, 30, 64, 89, 20, 8D, 45, EC, 8B, 15, 20, 70, C9, 00, 8B, 12, E8, 7C, 9E, 79, FF, 8B, 55, EC, B9, 01, 00, 00, 00, B8, 60, 20, C7, 00, E8, 4E, A4, 79, FF, 8B, D8, 68, 7C, 20, C7, 00, 68, 9C, 20, C7, 00, E8, 35, 34, 7A, FF, 85, C0, 75, 0F, 68, 7C, 20, C7, 00, 68, AC, 20, C7, 00, E8, 22, 34, 7A, FF, 85, C0, 74, 3E, 85, DB, 7E, 11, A1, 20, 71, C9, 00, 8B, 00, E8, AE, A8, 9C, FF, E9, B1...
 
[+]

Entropy:
6.1961

Developed / compiled with:
Microsoft Visual C++

Code size:
8.4 MB (8,849,920 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to c-b390-u0736-85.webazilla.com  (74.117.178.85:443)

TCP (HTTP):
Connects to c-k330-u1008-172.webazilla.com  (199.101.133.172:80)

TCP (HTTP):
Connects to c-k330-u1234-77.webazilla.com  (199.101.133.77:80)

TCP (HTTP SSL):
Connects to c-b390-u0655-56.webazilla.com  (74.117.178.56:443)

TCP (HTTP SSL):
Connects to c-r100-u0740-89.webazilla.com  (74.117.178.89:443)

TCP (HTTP SSL):
Connects to c-b390-u0657-58.webazilla.com  (74.117.178.58:443)

TCP (HTTP SSL):
Connects to c-k330-u1108-51.webazilla.com  (199.101.133.51:443)

TCP (HTTP SSL):
Connects to c-k330-u1011-175.webazilla.com  (199.101.133.175:443)

TCP (HTTP SSL):
Connects to c-e420-u1906-32.webazilla.com  (204.155.147.32:443)

TCP (HTTP SSL):
Connects to c-a430-u0833-38.webazilla.com  (199.101.133.38:443)

TCP (HTTP SSL):
Connects to c-a050-uc0635-99.webazilla.com  (199.80.53.99:443)

TCP (HTTP SSL):
Connects to v-5-331-d2664-26.webazilla.com  (78.140.185.26:443)

TCP (HTTP SSL):
Connects to v-5-322-d2648-26.webazilla.com  (78.140.186.26:443)

TCP (HTTP SSL):
Connects to smtp616.4shared.com  (204.155.149.85:443)

TCP (HTTP SSL):
Connects to smtp336.4shared.com  (199.101.133.6:443)

TCP (HTTP SSL):
Connects to dc131.4shared.com  (208.88.227.166:443)

TCP (HTTP SSL):
Connects to c-p170-u2616-06.webazilla.com  (204.155.148.6:443)

TCP (HTTP SSL):
Connects to c-p170-u2323-231.webazilla.com  (199.101.135.231:443)

TCP (HTTP SSL):
Connects to c-m290-u1093-61.webazilla.com  (199.101.133.61:443)

TCP (HTTP SSL):
Connects to c-m290-u1088-56.webazilla.com  (199.101.133.56:443)

Remove desktop.exe - Powered by Reason Core Security