bearsharesetup-r8-n-bc.exe

BearShare

Musiclab, LLC

The application bearsharesetup-r8-n-bc.exe, “BearShare Install” by Musiclab has been detected as a potentially unwanted program by 18 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from download13.cdn.bearshare.com.
Publisher:
Musiclab, LLC  (signed and verified)

Product:
BearShare

Description:
BearShare Install

Version:
12.0.0.135802

MD5:
cd4f9561a4fddc2bd9f8ef191817730f

SHA-1:
c12b7c1f6e72eb0097d0e608da289e55bd3f517e

SHA-256:
858ad74946b802634ef0c93bff3d1361b330c06bfebd3d7b238d73fe0dc1e611

Scanner detections:
18 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/23/2024 7:09:21 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | PUA/SearchSuite.aoeq | 8.3.2.4 |
| AVG | SearchSuite | 2017.0.2843 |
| Baidu Antivirus | PUA.Win32.BearShare | 4.0.3.1624 |
| Bkav FE | W32.HfsAdware | 1.3.0.7383 |
| Comodo Security | Application.Win32.BearShare.K | 23773 |
| Dr.Web | Adware.Bandoo.217 | 9.0.1.035 |
| ESET NOD32 | Win32/Toolbar.SearchSuite.W potentially unwanted application | 10.7.0.302.0 |
| G Data | Win32.Application.InstallCore.EH | 16.2.25 |
| IKARUS anti.virus | PUA.Toolbar.SearchSuite | t3scan.1.9.5.0 |
| K7 AntiVirus | Adware | 13.212.18116 |
| Kaspersky | not-a-virus:Downloader.Win32.Agent | 14.0.0.711 |
| Malwarebytes | PUP.Optional.MusicToolBar | v2016.02.04.08 |
| NANO AntiVirus | Riskware.Win32.Bandoo.dyvbeg | 1.0.10.5081 |
| Qihoo 360 Security | HEUR/QVM42.0.Malware.Gen | 1.0.0.1077 |
| Reason Heuristics | PUP.Optional.Musiclab.Installer | 16.2.4.20 |
| Rising Antivirus | PE:Malware.Generic(Thunder)!1.A1C4 [F] | 23.00.65.16202 |
| SUPERAntiSpyware | PUP.BearShare/Variant | 9343 |
| VIPRE Antivirus | Threat.4150696 | 45802 |

File size:
1.5 MB (1,580,584 bytes)

Product version:
12.0.0.135802

Copyright:
Copyright (C) 2015

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\bearsharesetup-r8-n-bc.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
3/24/2014 2:00:00 AM

Valid to:
5/6/2016 2:59:59 AM

Subject:
CN="Musiclab, LLC", OU=SECURE APPLICATION DEVELOPMENT, O="Musiclab, LLC", L=New York, S=New York, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
173B32DBD2DED392F3E170A844CA0B83

File PE Metadata
Compilation timestamp:
2/24/2012 9:20:04 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:qgJJGasR9FOUlzblRNw/s6v09dLcAScJ5gloPTHyXCJJuYlt2N30Vk72+NVmDF:PJJZglFRN7T9dLcASW7Tc2+NVmDF

Entry address:
0x38AF

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, C0, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 84, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 18, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 06, 27, 00, 00...
 

Entropy:
7.8822

Packer / compiler:
Nullsoft install system v2.x

Code size:
29 KB (29,696 bytes)

The file bearsharesetup-r8-n-bc.exe has been seen being distributed by the following URL.
