bearshare_setup.exe

MusicLab LLC

The application bearshare_setup.exe, “BearShare” by MusicLab, has been detected as a potentially unwanted program by 6 anti-malware scanners. It is a setup and installation application and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from windows.indir.com and multiple other hosts.
Publisher:
Musiclab, LLC   (signed by MusicLab LLC)

Description:
BearShare

Version:
10.0.0.117589

MD5:
567e390732aa6dd86f2c5d2f75ce5943

SHA-1:
83368b639da0d1fca711c55ca83f3935d95bf4ba

SHA-256:
778b50b130d2558101ae9159296aeec61873a8f8ece677f82235d6b0aab63092

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 9:45:05 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Dr.Web | Adware.Bandoo.249 | 9.0.1.05190 |
| ESET NOD32 | Detection.Undefined | 7.0.302.0 |
| McAfee | Trojan.Artemis!567E390732AA | 17.6.569.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.199.229.0 |
| Reason Heuristics | PUP.Installer.MusicLab | 15.5.24.12 |
| Trend Micro House Call | Suspicious_GEN.F47V1223 | 7.2.144 |

File size:
2.2 MB (2,357,832 bytes)

Copyright:
Copyright (c) 2011

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\bearshare_setup.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
3/15/2011 2:00:00 AM

Valid to:
5/28/2013 2:59:59 AM

Subject:
CN=MusicLab LLC, OU=SECURE APPLICATION DEVELOPMENT, O=MusicLab LLC, L=New York, S=New York, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7467B5664E4AF3C19E681F3E6D468C31

File PE Metadata
Compilation timestamp:
4/15/2009 11:43:49 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
49152:nwMLUkwr3NWSOt8npWC7nqkfOb+L3MxJ1sJtdmD:nwMLUz3gLsp5TDEJytdmD

Entry address:
0x12A70

Entry point:
6A, 60, 68, B8, A2, 41, 00, E8, C0, 03, 00, 00, BF, 94, 00, 00, 00, 8B, C7, E8, 28, 18, 00, 00, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, E8, A0, 41, 00, 8B, 4E, 10, 89, 0D, 24, 0D, 42, 00, 8B, 46, 04, A3, 30, 0D, 42, 00, 8B, 56, 08, 89, 15, 34, 0D, 42, 00, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, 28, 0D, 42, 00, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, 28, 0D, 42, 00, C1, E0, 08, 03, C2, A3, 2C, 0D, 42, 00, 33, F6, 56, 8B, 3D, A8, A1, 41, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03...
 

Developed / compiled with:
Microsoft Visual C++ v7.0

Code size:
96.5 KB (98,816 bytes)

The file bearshare_setup.exe has been seen being distributed by the following 2 URLs.

http://windows.indir.com/kaydet.php?x=T1VCQVFDRWhJUzVCYzI0ck5HWWxiVFZOfHx8MzI0ZDlhNWU0YzAxZTI4ZjFjOTEyMjhhYzBjNjIwMTA=&m=1
