home

www.sharfiles.com

Whois Privacy Shield Services

Domain Information

The domain www.sharfiles.com registered by Whois Privacy Shield Services was initially registered in January of 2016 through INTERNET.BS CORP.. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Dublin, Dublin City within Ireland which resides on the Amazon Technologies Inc. network. The domain uses the Amazon Web Services (AWS) cloud computing platform from the EU (Ireland) region datacenter.
Registrar:
SOCRATES 888, LLC

Server location:
Dublin City, Ireland (IE)

Create date:
Wednesday, January 27, 2016

Expires date:
Friday, January 27, 2017

Updated date:
Saturday, January 30, 2016

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.

Root domain:
sharfiles.com

Whois:
4 sharfiles.com records

Google Safe Browsing:
malware

Scanner detections:
Detections  (93% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.FINEDREAMINVEST.r, PUP.FINEDREAMINVEST.U, PUP.FINEDREAMINVEST.e, PUP.FINEDREAMINVEST.w, PUP.LADYSWOOD2013, PUP.FINEDREAMINVEST (M), PUP.SOFTWAREAGILITY (M), PUP.Brightcircle.LADYSWOO (M), PUP.FINEDREA (M), PUP (M)
100.00%

avast!
Win32:Adware-BGS [PUP], Win32:Adware-gen [Adw]
30.77%

VIPRE Antivirus
iPumper, PileFile Downloader, Threat.4787725
30.77%

Avira AntiVirus
ADWARE/Adware.Gen
30.77%

Rising Antivirus
PE:PUF.FilePile!1.9E19
30.77%

Malwarebytes
PUP.Optional.FilePile.A
23.08%

AhnLab V3 Security
Adware/Win32.DownloadWare, PUP/Win32.Downloader
23.08%

ESET NOD32
Win32/BundleInstaller (variant)
23.08%

nProtect
Adware/W32.Agent.5175736, Trojan-Dropper/W32.Agent.6390728
15.38%

IKARUS anti.virus
Trojan-Dropper.Agent, Trojan-Downloader.Win32.Clikug
15.38%

Fortinet FortiGate
W32/Agent.PFR!tr
15.38%

AVG
MalSign.Generic, Downloader.Generic13
15.38%

herdProtect (fuzzy)
a variant of eec76c623366b4593b6771800a74f8ac9cc2983b
7.69%

McAfee
PileFile!FACF074CA6EC
7.69%

ESET NOD32
Win32/BundleInstaller.D potentially unwanted application
7.69%

The domain www.sharfiles.com has been seen to resolve to the following 5 IP addresses.

54.210.47.225
ec2-54-210-47-225.compute-1.amazonaws.com
April 11, 2016

146.148.34.125
125.34.148.146.bc.googleusercontent.com
April 11, 2016

54.72.9.51
ec2-54-72-9-51.eu-west-1.compute.amazonaws.com
November 10, 2015

176.121.11.90
September 7, 2014

195.66.79.27
December 27, 2013

File downloads found at URLs served by www.sharfiles.com.

1 / 68      (Adware)
http://www.sharfiles.com/.../how_to_draw_a_kitchen_Downloader_470500001.exe  (how_to_draw_a_kitchen_downloader.exe)

1 / 68      (Adware)
http://www.sharfiles.com/.../Job-Hunter-Houston.rar_Downloader_316111414.exe  (job-hunter-houston.rar_downloader.exe)

1 / 68      (Adware)
http://www.sharfiles.com/.../FOTOT_E_LILIANA_BALVANERA_Downloader_470500001.exe  (fotot_e_liliana_balvanera_downloader.exe)

1 / 68      (Adware)
http://www.sharfiles.com/.../hp_deskjet_f370_free_Downloader_73200214.exe  (hp_deskjet_f370_free_downloader.exe)

1 / 68      (Adware)
http://www.sharfiles.com/.../The-Incredibles-Kronos-Database.rar_Downloader_316111414.exe  (the-incredibles-kronos-database.rar_downloader.exe)

1 / 68      (Adware)
http://www.sharfiles.com/.../jenny_mccarthy_playpoy_2012_pictures_Downloader_470500001.exe  (jenny_mccarthy_playpoy_2012_pictures_downloader.exe)

1 / 68      (Adware)
http://www.sharfiles.com/.../Fugitive-At-17-Trailer.rar_Downloader_316111414.exe  (fugitive-at-17-trailer.rar_downloader.exe)

11 / 68    (Adware)
http://www.sharfiles.com/.../bieber_tourways_round_trip_bus_service_to_philadelphia_premium_outlets_Downloader_470500001.exe  (742_woodsmaster_30-06_for_sale_downloader.exe)

29 / 68    (Adware)
http://www.sharfiles.com/.../thevampirediaries_S05E09_Downloader_428100010.exe  (thevampirediaries_s05e09_downloader.exe)

11 / 68    (Adware)
http://www.sharfiles.com/.../742_woodsmaster_30-06_for_sale_Downloader_470500001.exe  (742_woodsmaster_30-06_for_sale_downloader.exe)

8 / 68      (Adware)
http://www.sharfiles.com/.../Real-Pictures-Of-Santa-And-His-Reindeer.rar_Downloader_316111414.exe  (bungalow-house-plans-with-photos-ireland.rar_downloader.exe)

1 / 68      (Adware)
http://www.sharfiles.com/.../Dragon_City_Hack_Tool_v3.4_Downloader_214200001.exe  (dragon_city_hack_tool_v3.4_downloader.exe)

0 / 68
http://www.sharfiles.com/.../Steam-Key-Generator2013_Downloader_109200010.exe  (steam-key-generator2013_downloader.exe)

9 / 68      (Adware)
http://www.sharfiles.com/.../Dell-Openmanage-Server-Assistant-6.4-Cd.rar_Downloader_316111314.exe  (wondershare-liveboot-2012-exe-4-shared.rar_downloader.exe)

1 / 68      (Adware)
http://www.sharfiles.com/.../UPDATE2v1_Downloader_360900014.exe  (update2v1_downloader.exe)

The following 219 files have been seen to comunicate with www.sharfiles.com in live environments.

TCP » 54.72.9.51:80
toolbarupdaterservice.exe

TCP » 54.72.9.51:80
hdnInstaller.exe (hdnInstaller)

TCP » 54.72.9.51:80
onedrvup.exe

TCP » 54.72.9.51:80
hdnInstaller.exe (hdnInstaller)

TCP » 54.72.9.51:80
247843.ftf (Optimizer Pro v3.2 by PC Utilities Software Limited)

TCP » 54.72.9.51:80
1799877.exe

TCP » 54.72.9.51:80
IEError.exe (IEError)

TCP » 54.72.9.51:80
install_flashplayer14x32_x64md_aaa_aih.exe (bon joueur)

TCP » 54.72.9.51:80
optimizerproinstaller.exe (Optimizer Pro v3.2 by PCUtilities Software Limited)

TCP » 54.72.9.51:80
charles.exe (by Apple)

TCP » 54.72.9.51:80
onedrv.exe

TCP » 54.72.9.51:80
IEError.exe (IEError)

TCP » 54.72.9.51:80
updater27793.exe (CouponDropDown Plugin by Innovative Apps)

TCP » 54.72.9.51:80
install_flashplayer16x33_masp_aaa_aih.exe (by Apple)

TCP » 54.72.9.51:80
toolbarupdaterservice.exe

TCP » 54.72.9.51:80
hdnInstaller.exe (hdnInstaller)

TCP » 54.72.9.51:80
g.jpg

TCP » 54.72.9.51:80
smlb.jpg

TCP » 54.72.9.51:80
smlb.jpg

TCP » 54.72.9.51:80
hqghumeaylnlf.exe (Optimizer Pro v3.2 by PC Utilities Software Limited)

 
Latest 20 of 226 files

URL:
http://www.sharfiles.com/

Title:
“sharfiles.com”

Title (12/27/2013):
“Fast File Downloader”

Title (5/3/2015):
“sharfiles.com”

Network:
Amazon Web Services (AWS), running an EC2 instance

Web server:
nginx

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.