home

bearshare_mp3_free.exe

BearShare MP3

Prospera Software, Inc.

The application bearshare_mp3_free.exe by Prospera Software has been detected as a potentially unwanted program by 6 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from aresgalaxyonline.s3.amazonaws.com.
Publisher:
AresGalaxyOnline LLC  (signed by Prospera Software, Inc.)

Product:
BearShare MP3

Version:
8.1.0.0

MD5:
24893e0fcb8d4073ec32becc0b0cf0e6

SHA-1:
57b65edacfad07fe1887eae93141d7a47ce6ade2

SHA-256:
64bef3088dfc69d0e646112fa3de20b588a918fd666dc029f2f83fa71213ca0e

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
5/15/2024 2:37:04 AM UTC  (today)

Scan engine
Detection
Engine version

AVG
Generic
2016.0.2954

Bkav FE
W32.HfsAdware
1.3.0.7237

Dr.Web
Program.Unwanted.538
9.0.1.0290

Reason Heuristics
PUP.ProsperaSoftware.Installer (M)
15.10.17.11

Vba32 AntiVirus
Downloader.AdLoad
3.12.26.4

VIPRE Antivirus
ProsperaSoftware
44506

File size:
6.8 MB (7,126,760 bytes)

Copyright:
� AresGalaxyOnline LLC

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\bearshare_mp3_free.exe

Digital Signature
Signed by:
Prospera Software, Inc.

Authority:
COMODO CA Limited

Valid from:
5/24/2015 8:00:00 PM

Valid to:
5/24/2016 7:59:59 PM

Subject:
CN="Prospera Software, Inc.", O="Prospera Software, Inc.", POBox=30024, STREET=4539 Arbor Crest Place, L=Suwanee, S=Georgia, PostalCode=30024, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
19A1AE80173FC78EF95D67C4BB75F591

File PE Metadata
Compilation timestamp:
2/24/2012 2:19:59 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:Aj5xwFp4meLAITv2fOL19Mb2z784GMRPLaM0:Zpj22f09G2z1LaM0

Entry address:
0x39E3

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00...
 
[+]

Entropy:
7.9987

Packer / compiler:
Nullsoft install system v2.x

Code size:
28 KB (28,672 bytes)

The file bearshare_mp3_free.exe has been seen being distributed by the following URL.

http://aresgalaxyonline.s3.amazonaws.com/bearshare_mp3_free.exe

Remove bearshare_mp3_free.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.