desktop.exe

4shared Desktop

New IT Limited

This is part of a bundled installer which provides applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application desktop.exe by New IT Limited has been detected as adware by 2 anti-malware scanners.
Publisher:
تعريب: جمال منلا  (signed by New IT Limited)

Product:
4shared Desktop

Version:
3.3.4.0

MD5:
b3b66f96eb52b5f2eb2883d651e68d32

SHA-1:
a807cbe2509e604650da7585aa35ee9044b0311b

SHA-256:
68ca2a85be000bbbf68ee3e5899c87c455174503c69ca469b940e6557a0f321e

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
4/25/2024 3:31:05 AM UTC

Scan engine | Detection | Engine version
Malwarebytes | PUP.Optional.4Shared | v2014.02.27.06
Reason Heuristics | PUP.NewITLimited.H | 14.2.23.10

File size:
4.4 MB (4,613,624 bytes)

Product version:
1.0.0.0

Copyright:
تعريب: جمال منلا

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\Program Files\4shared desktop\desktop.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
10/28/2010 7:33:24 AM

Valid to:
10/27/2011 6:30:06 AM

Subject:
CN=New IT Limited, O=New IT Limited, L=Nicosia, S=Nicosia, C=CY

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
27DDE55D2F337F

File PE Metadata
Compilation timestamp:
3/16/2011 5:04:39 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:Lq9eNoUYLnPne3nYTYvMCH8tDPhkKjhVKFd5feC//KhVebT0TLVQGZpBE/Iz:Lq9hUanv2/MCMRAd5WCSVIKF

Entry address:
0x2E81F8

Entry point:
55, 8B, EC, 83, C4, F0, 53, B8, 54, 13, 6E, 00, E8, CF, 1A, D2, FF, 68, CC, 82, 6E, 00, 68, EC, 82, 6E, 00, E8, 74, 2A, D2, FF, 85, C0, 75, 0F, 68, CC, 82, 6E, 00, 68, FC, 82, 6E, 00, E8, 61, 2A, D2, FF, 85, C0, 74, 26, 6A, 04, 50, E8, CD, 2B, D2, FF, 8B, D8, 6A, 09, 53, E8, 8B, 2E, D2, FF, 53, E8, ED, 2D, D2, FF, A1, F4, 59, 6F, 00, 8B, 00, E8, C1, C9, DD, FF, EB, 70, A1, F4, 59, 6F, 00, 8B, 00, E8, 2B, C7, DD, FF, A1, F4, 59, 6F, 00, 8B, 00, BA, 18, 83, 6E, 00, E8, 7E, C1, DD, FF, 8B, 0D, F4, 53, 6F, 00...
 

Entropy:
6.4718

Developed / compiled with:
Microsoft Visual C++

Code size:
2.9 MB (3,043,840 bytes)
