bshkill.exe

Bad Shortcut Killer

WareSoft Software

The application bshkill.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. This file is typically installed with the program Toolwiz Time Freeze 2016 by ToolWiz. The installer uses the InstallMonetizer platform, which will download and install adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from dw.uptodown.com and multiple other hosts.

Publisher:
WareSoft Software

Product:
Bad Shortcut Killer

Version:
Bad Shortcut Killer

MD5:
c9e598743e36806f645da6e1e899578e

SHA-1:
e52ad2b3d300ae0c1e9d599520489b5c5f750689

SHA-256:
34f1b7dc526321ff65f280f1258d5415e1698a005baca9e96c9c6e75d960492e

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
11/24/2024 8:09:55 AM UTC

Scan engine | Detection | Engine version
ESET NOD32 | Win32/InstallMonetizer.AU | 8.9785
Reason Heuristics | PUP.InstallMonetizer.Bundle (M) | 16.3.10.15

File size:
1.7 MB (1,765,084 bytes)

Product version:
2.0

Copyright:
© Copyright 2011 - 2013 WareSoft Software

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\bshkill.exe

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:C9UkGRXcw4pxnaauYANtoEeLFDCqwqH+J8bIqn6Di:MUkGRMwOobpGDCIV8Ski

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file bshkill.exe has been discovered within the following program.

www.Toolwiz.com
About 4% of users remove it
 

The file bshkill.exe has been seen being distributed by the following 3 URLs.

https://dw.uptodown.com/dwn/2Xx6mSbKHOPKkbum5LzgKFZGHN9Xs8Gt5pxgfMrZcWV39NlJEvEFAIjo3eL21ZXRVi0FdCEWf9TKgpGy3TfmW5c4sG6OnKgp8rrhqE9uwwq736SGI2qKpkcaVBtlrAQz/OuUBybIutXYLvrhYCzm8dvfZnf3BgVrcnm7XjFGT0kXKr_ahsvxm73FpQg9i0dJL2BgKwuvtmaCqUjssld2s6-9YHuCupqItTMXl9ywWEEvN6gRv2sqAdG_hAwbQLIwM/ASX6qiH3nCAq2FWbqB7wVRojGK22d4VjOLciNpha1hg3LcJ3Rn2NXVUQtTVWnK2b7YQPT65bPggIzxFnqnP3gDqR5I-4zQ_0-86VgrG_kdYZa0zUmKQqAKVCjyDRkgAR/.../

http://www.majorgeeks.com/index.php?ct=files&action=download&
