4Share Downloader

Category: Adware and PUA
Protection available since: 24 Jul 2013 23:54:05 (GMT)
Type: Unspecified PUA
Last updated: 15 Apr 2014 16:13:07 (GMT)


4Share Downloader is an installer which bundles legitimate applications with offers for additional third party applications that may be unwanted by the user. Such third party applications are typically installed onto users’ computers by default, but may include an option to ‘opt-out’ during or after the installation process.

Examples of 4Share Downloader include:

Example 1

File Information

Size: 1.4M
SHA-1: 000126cb3b131882ded0fe766f4fe08a0efca1a5
MD5: 47cbc32fef91e4f33e1f1101c93a6a51
CRC-32: c405ff9a
File type: Windows executable
First seen: 2013-07-16

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\crp3.exe
  • c:\Documents and Settings\test user\Application Data\B1Toolbar\hpet.exe
  • c:\Documents and Settings\test user\Application Data\Baidu Security\PC Faster\1.19.0.2\RpData\2013-07-29 21_12_52_RpData.dat
  • c:\Documents and Settings\test user\Local Settings\Temp\uti2.exe
  • c:\Documents and Settings\test user\Local Settings\Application Data\B1E\B1Tool.zip
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\ESENT\Process\crp3\DEBUG
    Trace Level
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013072920130730
    CacheRepair
    0x00000000
  • HKCU\Software\Microsoft\Internet Explorer\Main
    Search Page Before
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
  • HKCU\Software\Baidu Security\PC Faster
    pcfaster-guid
    b5397b17-f6cd-436d-b349-8c594cdaa04a
Registry Keys Modified
  • HKCU\Software\Microsoft\Internet Explorer\Main
    Search Page
    http://search.b1.org/?bsrc=hmior&chid=c162341
Processes Created
  • c:\Documents and Settings\test user\application data\b1toolbar\hpet.exe
  • c:\docume~1\support\locals~1\temp\crp3.exe
HTTP Requests
  • http://dc708.4shared.com/download/Y6Jmd43j
  • http://download.pcfaster.baidu.com/newver_B23.xml
  • http://www.4shared.com/rar/Y6Jmd43j/Mc_Daleste_-_Voz_Estranha_-_Cd.html
DNS Requests
  • dc708.4shared.com
  • download.pcfaster.baidu.com
  • www.4shared.com

Example 2

File Information

Size: 303K
SHA-1: 000369458a1d32cbd7ec9fa5deb8f0b56ca975b9
MD5: dffd14bbc22c6529405c1364f0da8e37
CRC-32: 518a0e00
File type: Windows executable
First seen: 2013-08-13

Runtime Analysis

Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013081320130814
    CacheRepair
    0x00000000
HTTP Requests
  • http://download-faster.net/trackcnt/Kvg48RpSKKFNkW8e/
  • http://maxiget.com/downloadhelperxmlnotfound.jsp
DNS Requests
  • download-faster.net
  • maxiget.com

Example 3

File Information

Size: 1.3M
SHA-1: 000845a75f57e28e7461b02efaea33503f8d8a4f
MD5: 7be02d4b5144c9e72aad9373ee44ad75
CRC-32: 3906003e
File type: Windows executable
First seen: 2013-07-21

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\E2E2C533-BAB0-7891-B3E0-DE7EE5872FFF\SetupParams.ini
  • c:\Documents and Settings\test user\Application Data\Babylon\log_file.txt
  • c:\Documents and Settings\test user\Local Settings\Temp\E2E2C533-BAB0-7891-B3E0-DE7EE5872FFF\BabyTBConf.ini
  • c:\Documents and Settings\test user\Local Settings\Temp\crp3.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\uti2.exe
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
    BTRS101962
  • HKCR\Prod.cap
    Info
    (non-printable data)
  • HKLM\SOFTWARE\BabylonToolbar\BabylonToolbar
    kw_url
    http://search.babylon.com/?affID=121631&babsrc=KW_ss&mntrId=601f769f000000000000000c292547e8&q=
  • HKLM\SOFTWARE\Babylon\Babylon Client\DefaultSettings
    SetSearch
    0x00777014
  • HKCU\Software\4shared\DownloadHelper
    AlreadyRun
    1
Registry Keys Modified
  • HKCU\Software\Microsoft\Internet Explorer\Main
    Start Page
    http://search.babylon.com/?affID=121631&babsrc=HP_ss&mntrId=601f769f000000000000000c292547e8
Processes Created
  • c:\docume~1\support\locals~1\temp\crp3.exe
  • c:\docume~1\support\locals~1\temp\e2e2c533-bab0-7891-b3e0-de7ee5872fff\setup.exe
HTTP Requests
  • http://dl.babylon.com/site/files/Setup9/dwr/DefaultClient/DefaultClient/Default-tbdat.zpb
  • http://dl.babylon.com/site/files/Setup9/dwr/DefaultToolbar/DefaultToolbar/Setup-tbdef.zpb
  • http://info.babylon.com/stat/report.php
  • http://stp.babylon.com/downloader.php
DNS Requests
  • dl.babylon.com
  • info.babylon.com
  • stp.babylon.com
  • www.4shared.com
