home

Sync.exe

4shared Sync

New IT Limited

This is part of a bundled installer which provides applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application Sync.exe by New IT Limited has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
New IT Solutions Ltd.  (signed by New IT Limited)

Product:
4shared Sync

Version:
1.0.1.1

MD5:
cddc5b42ef2388c22b9912a6bed7339f

SHA-1:
af8e24d16f9892c898bd662a3edd3d5459aa7703

SHA-256:
56fae175f0e443a481cc8ac1b3f78381108ce2b817f66eed8f2ad4f8aeb7e0be

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/16/2024 5:35:08 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.NewITLimited.E
14.7.2.11

File size:
4.1 MB (4,253,688 bytes)

Product version:
1.0.0.0

Copyright:
(c)2011 New IT Solutions Ltd.

Original file name:
Sync.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\4shared sync\sync.exe

Digital Signature
Signed by:
New IT Limited

Authority:
GoDaddy.com, Inc.

Valid from:
10/28/2010 8:33:24 AM

Valid to:
10/27/2011 7:30:06 AM

Subject:
CN=New IT Limited, O=New IT Limited, L=Nicosia, S=Nicosia, C=CY

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
27DDE55D2F337F

File PE Metadata
Compilation timestamp:
7/7/2011 4:50:08 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:U6gGQwiPXDVtMFAk4e3iQode3f4KImrOlSnKSKPWcU7u0wPpTkTG6ddxUVB7Kz:U6ghS14e3i3mrcWju0uDw

Entry address:
0x2E4570

Entry point:
55, 8B, EC, 83, C4, E8, 53, 56, 57, 33, C0, 89, 45, E8, 89, 45, EC, B8, 7C, B0, 6D, 00, E8, 29, 56, D2, FF, 33, C0, 55, 68, E6, 46, 6E, 00, 64, FF, 30, 64, 89, 20, 33, C0, 55, 68, C1, 46, 6E, 00, 64, FF, 30, 64, 89, 20, B8, 04, 47, 6E, 00, E8, B7, 6D, D2, FF, 84, C0, 0F, 85, 82, 00, 00, 00, 8D, 45, EC, E8, 0F, 88, FD, FF, 8B, 45, EC, E8, FF, A8, D2, FF, 84, C0, 74, 2F, 6A, 01, 6A, 00, 6A, 00, 8D, 45, E8, E8, F5, 87, FD, FF, 8B, 45, E8, E8, 2D, 29, D2, FF, 50, 68, 10, 47, 6E, 00, A1, 74, 48, 6F, 00, 8B, 00...
 
[+]

Entropy:
6.3235

Developed / compiled with:
Microsoft Visual C++

Code size:
2.9 MB (3,027,968 bytes)

Remove Sync.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.