bearshare_setup.exe

MusicLab LLC

The application bearshare_setup.exe, “BearShare” by MusicLab, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from apps.gagui.org.
Publisher:
Musiclab, LLC   (signed by MusicLab LLC)

Description:
BearShare

Version:
10.0.0.130688

MD5:
b81804add0f811366955d9f300b317fe

SHA-1:
14ce113e1e7aef45c7e8b7c631ca856d157f5aac

SHA-256:
efa535ec67a1877c0d3c9c618f110dc3ec661cf852807f72495de91d00ed2bd1

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/5/2024 7:00:50 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Installer.MusicLab.P

Engine version:
14.7.14.22

File size:
2.4 MB (2,481,336 bytes)

Copyright:
Copyright (c) 2011

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\bearshare_setup.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
3/15/2011 7:00:00 AM

Valid to:
5/28/2013 6:59:59 AM

Subject:
CN=MusicLab LLC, OU=SECURE APPLICATION DEVELOPMENT, O=MusicLab LLC, L=New York, S=New York, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7467B5664E4AF3C19E681F3E6D468C31

File PE Metadata
Compilation timestamp:
4/16/2009 3:43:49 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
49152:fwMLUkdYozBh3ZWjk7vmjji5YRtKWldJGQV6j/A9RSjBpNid:fwMLUqBd4jOvmjj0IK+dDR9Az

Entry address:
0x12A70

Entry point:
6A, 60, 68, B8, A2, 41, 00, E8, C0, 03, 00, 00, BF, 94, 00, 00, 00, 8B, C7, E8, 28, 18, 00, 00, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, E8, A0, 41, 00, 8B, 4E, 10, 89, 0D, 24, 0D, 42, 00, 8B, 46, 04, A3, 30, 0D, 42, 00, 8B, 56, 08, 89, 15, 34, 0D, 42, 00, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, 28, 0D, 42, 00, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, 28, 0D, 42, 00, C1, E0, 08, 03, C2, A3, 2C, 0D, 42, 00, 33, F6, 56, 8B, 3D, A8, A1, 41, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03...
 

Developed / compiled with:
Microsoft Visual C++ v7.0

Code size:
96.5 KB (98,816 bytes)

The file bearshare_setup.exe has been seen being distributed by the following URL.
