home

fuzzy.exe

4shared Desktop Setup

New IT Limited

This is a bundle installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application fuzzy.exe by New IT Limited has been detected as adware by 14 anti-malware scanners. The program is a setup application that uses the New IT Desktop Setup installer. This version of the installer will bundle the Ask.com Toolbar, a potentially unwanted web browser extension. The file has been seen being downloaded from rt3.getdownload.net.
Publisher:
New IT Solutions  (signed by New IT Limited)

Product:
4shared Desktop Setup

Version:
4.0.3.1

MD5:
b5d430ac24ee6ad666cd8cf5fc75fa4c

SHA-1:
2fcdd45333c726b9794b01da2b1429eee58e5f31

SHA-256:
94aa7f6f3afb0eee5d18a1840698964e7fe8568e832d590cda2cb23241543bbd

Scanner detections:
14 / 68

Status:
Adware

Explanation:
Bundles that Ask.com toolbar as a third-party offer, a web browser extension that may modify a user's search and home pages.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/24/2024 5:51:33 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.Toolbar.Ask
7.1.1

avast!
Win32:Toolbar-N [PUP]
2014.9-150515

Bkav FE
W32.Clod979.Trojan
1.3.0.4613

Comodo Security
Application.Win32.NewIT.B
17947

Dr.Web
Adware.Downware.1417
9.0.1.0135

ESET NOD32
Win32/Bundled.Toolbar.Ask (variant)
9.9190

herdProtect (fuzzy)
variant of krewella - alive (lc project remix).exe (Adware)
2015.8.12.18

Malwarebytes
PUP.Optional.4Shared
v2015.05.15.08

McAfee
Artemis!A8563F17A5F3
5600.6764

NANO AntiVirus
Trojan.Win32.Downware.cumjmn
0.28.0.58491

Reason Heuristics
Threat.New IT Limited.Bundler
15.5.15.16

Rising Antivirus
PE:PUF.4Shared!1.9C25
23.00.65.15513

SUPERAntiSpyware
Trojan.Agent/Gen-Nullo[Short]
9873

Trend Micro House Call
TROJ_GEN.F47V0831
7.2.135

File size:
5.5 MB (5,770,848 bytes)

Copyright:
New IT Solutions

File type:
Executable application (Win32 EXE)

Bundler/Installer:
New IT Desktop Setup (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\fuzzy.exe

Digital Signature
Signed by:
New IT Limited

Authority:
GoDaddy.com, Inc.

Valid from:
11/16/2012 7:16:05 PM

Valid to:
11/16/2013 5:30:34 PM

Subject:
CN=New IT Limited, O=New IT Limited, L=Nicosia, S=Nicosia, C=CY

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B2A165690BBAA

File PE Metadata
Compilation timestamp:
4/10/2010 3:19:31 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:sWO7Z+ByxlOyexgcs6ArgkStxQM7osPuI+sPtumURA8oGNoD8MyeDFtGi5PHgS4A:st78By/OyexgT1l+P7jPz+dtHoKc/GMH

Entry address:
0x354B

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 84, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 98, 06, 47, 00, E8, 67, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, 05, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 86, 40, 00, FF, 15, 80, 81, 40, 00, 68, 04, 86, 40, 00, 68, A0, 85, 46, 00, E8, 35, 26, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 10, 4C, 00, 57, E8, 23, 26, 00, 00...
 
[+]

Entropy:
7.9938

Packer / compiler:
Nullsoft install system v2.x

Code size:
25 KB (25,600 bytes)

The file fuzzy.exe has been seen being distributed by the following URL.

http://rt3.getdownload.net/downloadhelper/named/desktop_4031/13cL8QeZ/.../Fuzzy.exe

Remove fuzzy.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.