BearShare.exe

BearShare

Free Peers, Inc.

The application BearShare.exe has been detected as a potentially unwanted program by 5 anti-malware scanners. This setup program installs potentially unwanted software on the user's PC at the same time as the expected/marketing software, without adequate consent. The program is typically installed via a form of malvertising While running, it connects to the Internet address s529d9a59.adsl.online.nl on port 6346.
Publisher:
Free Peers, Inc.

Product:
BearShare

Version:
5.2.5.6

MD5:
467a181130060cb7f0010a3069a4d9f9

SHA-1:
b0333744295cd4a3975c47b81af5a49e8210af7a

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 7:44:20 PM UTC  (today)

Scan engine
Detection
Engine version

Clam AntiVirus
PUA.Packed.Armadillo
0.98/17211

Emsisoft Anti-Malware
Riskware.SoftwareBundler.BearShare!IK
8.14.09.23.01

IKARUS anti.virus
not-a-virus.SoftwareBundler.BearShare
t3scan.1.1.90.0

McAfee
Artemis!467A18113006
5600.6998

Microsoft Security Essentials
SoftwareBundler:Win32/BearShare
1.163.1557.0

File size:
3.2 MB (3,313,664 bytes)

Product version:
5.2.5

Copyright:
Copyright © 2003 Free Peers, Inc. All Rights Reserved Worldwide.

Original file name:
BearShare.exe

File type:
Executable application (Win32 EXE)

Language:
Polish

Common path:
C:\Program Files\bearshare\bearshare.exe

File PE Metadata
Compilation timestamp:
8/1/2006 11:02:39 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
83.82

CTPH (ssdeep):
49152:4fsCVP02jnZOfS8N/W5kigouKgK2c/9e+Ke80QByGGZjfX9:4sCuD1N/uuP6/9ec33jfX9

Entry address:
0x523000

Entry point:
60, E8, 00, 00, 00, 00, 5D, 50, 51, 0F, CA, F7, D2, 9C, F7, D2, 0F, CA, EB, 0F, B9, EB, 0F, B8, EB, 07, B9, EB, 0F, 90, EB, 08, FD, EB, 0B, F2, EB, F5, EB, F6, F2, EB, 08, FD, EB, E9, F3, EB, E4, FC, E9, 9D, 0F, C9, 8B, CA, F7, D1, 59, 58, 50, 51, 0F, CA, F7, D2, 9C, F7, D2, 0F, CA, EB, 0F, B9, EB, 0F, B8, EB, 07, B9, EB, 0F, 90, EB, 08, FD, EB, 0B, F2, EB, F5, EB, F6, F2, EB, 08, FD, EB, E9, F3, EB, E4, FC, E9, 9D, 0F, C9, 8B, CA, F7, D1, 59, 58, 50, 51, 0F, CA, F7, D2, 9C, F7, D2, 0F, CA, EB, 0F, B9, EB...
 
[+]

Packer / compiler:
ASPack v1.08.04

Code size:
320 KB (327,680 bytes)

Windows Firewall Allowed Program
Name:
D:\Program Files\BearShare\BearShare.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 94.31.0.55.IPYX-076665-ZYO.above.net  (94.31.0.55:80)

TCP:
Connects to p54A956F9.dip0.t-ipconnect.de  (84.169.86.249:6346)

TCP:
Connects to x1-6-04-a1-51-13-85-d0.cpe.webspeed.dk  (83.92.101.240:6346)

TCP (HTTP):
Connects to srv3.seekar.com  (66.98.222.3:80)

TCP:
Connects to abvt128.neoplus.adsl.tpnet.pl  (83.8.217.128:6346)

TCP:
Connects to 190-48-229-252.speedy.com.ar  (190.48.229.252:6348)

TCP:
Connects to s529d9a59.adsl.online.nl  (82.157.154.89:6346)

TCP:
Connects to p54A9A342.dip0.t-ipconnect.de  (84.169.163.66:6000)

TCP:
Connects to p50915CED.dip0.t-ipconnect.de  (80.145.92.237:6348)

TCP:
Connects to m83-184-208-212.cust.tele2.se  (83.184.208.212:6348)

TCP:
Connects to i577BA752.versanet.de  (87.123.167.82:6348)

TCP:
Connects to i5387918C.versanet.de  (83.135.145.140:6346)

TCP:
Connects to fl1-dsl-72-49-29-207.fuse.net  (72.49.29.207:6346)

TCP:
Connects to dou159.neoplus.adsl.tpnet.pl  (83.24.128.159:6346)

TCP:
Connects to des169.neoplus.adsl.tpnet.pl  (83.23.122.169:6346)

TCP:
Connects to cust-5286e889.wba.access.stipte.nl  (82.134.232.137:6346)

TCP:
Connects to cust.151828.bntpsdae08r.sdnet.net  (66.115.202.35:6348)

TCP:
Connects to cml182.neoplus.adsl.tpnet.pl  (83.31.139.182:6348)

TCP:
Connects to cm-62.179.194.244.chello.no  (62.179.194.244:6348)

TCP:
Connects to bft242.neoplus.adsl.tpnet.pl  (83.28.57.242:6346)

Remove BearShare.exe - Powered by Reason Core Security