wondershare dr.fone v3.6.exe

Filegetter

Maxiget Limited

This is a bundle installer: it packages applications with offers for additional third-party software, mostly unwanted adware, which may be installed with minimal consent. The application wondershare dr.fone v3.6.exe, “Helps file downloading” by Maxiget Limited, has been detected as adware by 5 anti-malware scanners. The program is a setup application that uses the New IT Desktop Setup installer. The file has been seen downloaded from ds123.files-fast.net.
Publisher:
Company limited  (signed by Maxiget Limited)

Product:
Filegetter

Description:
Helps file downloading

Version:
3, 3, 40, 0

MD5:
9d767656a7ed4ed3c6e3f83199701711

SHA-1:
08d71bd81f106706ad253904bcb1f31b5a0e1347

SHA-256:
7c87e860c6f181f566cdd7d43948c77e4679db06f6df5ba39d7f700a5dfb9934

Scanner detections:
5 / 68

Status:
Adware

Explanation:
This is a modified installer version of the software and bundles additional offers including adware.

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/27/2024 1:52:27 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AVG | Generic | 2015.0.3421 |
| ESET NOD32 | Win32/4Shared.U potentially unwanted application | 7.0.302.0 |
| Reason Heuristics | PUP.MaxigetLimited.W | 14.8.7.21 |
| Sophos | 4Share Downloader | 4.98 |
| VIPRE Antivirus | Threat.4791953 | 29708 |

File size:
436 KB (446,472 bytes)

Product version:
3, 3, 40, 0

Copyright:
2014

Trademarks:
Company(C)

Original file name:
FilegetterInstrumnet

File type:
Executable application (Win32 EXE)

Bundler/Installer:
New IT Desktop Setup

Common path:
C:\users\{user}\downloads\wondershare dr.fone v3.6.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
6/3/2014 10:41:06 AM

Valid to:
8/15/2016 8:41:32 AM

Subject:
CN=Maxiget Limited, O=Maxiget Limited, L=Limassol, S=Cyprus, C=CY

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
043F9C868704FA

File PE Metadata
Compilation timestamp:
7/3/2014 2:09:23 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:fTfMcpR8Zhdv/8kqcZI7U1K3EbY5m50HfPVTJ16k9xbu4GC:bfMcf851TZI7UQ3EbYg50H3Bf6kF

Entry address:
0x2B30B

Entry point:
E8, FD, A3, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 14, A1, A8, ED, 44, 00, 33, C5, 89, 45, FC, 53, 56, 33, DB, 57, 8B, F1, 39, 1D, 04, 06, 45, 00, 75, 38, 53, 53, 33, FF, 47, 57, 68, 60, 3E, 44, 00, 68, 00, 01, 00, 00, 53, FF, 15, 50, 11, 44, 00, 85, C0, 74, 08, 89, 3D, 04, 06, 45, 00, EB, 15, FF, 15, CC, 10, 44, 00, 83, F8, 78, 75, 0A, C7, 05, 04, 06, 45, 00, 02, 00, 00, 00, 39, 5D, 14, 7E, 22, 8B, 4D, 14, 8B, 45, 10, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, 45, 14, 2B, C1...
 

Code size:
252.5 KB (258,560 bytes)

The file wondershare dr.fone v3.6.exe has been seen being distributed by the following URL.
