home

desktop.exe

Desktop

4sync Inc.

The application desktop.exe by 4sync has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address c-b390-u0741-90.webazilla.com on port 443.
Publisher:
New IT Solutions  (signed by 4sync Inc.)

Product:
Desktop

Version:
4.0.13.26744

MD5:
c1851594f47c45430ef6c53e886fc546

SHA-1:
ba558e853a214e0133c4ea3e070ff06562035fb3

SHA-256:
2bc7809d19a3f7ffcea8b097223e0fbd46c43e37c55d830ea2bf27fdab593786

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 2:02:06 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Optional.NewITSolutions.Meta (L)
15.6.19.9

File size:
13.8 MB (14,479,320 bytes)

Product version:
4.0

Copyright:
New IT Solutions

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\4shared desktop\desktop.exe

Digital Signature
Signed by:
4sync Inc.

Authority:
GoDaddy.com, Inc.

Valid from:
10/22/2013 3:26:47 AM

Valid to:
10/22/2016 3:26:47 AM

Subject:
CN=4sync Inc., O=4sync Inc., L=San Francisco, S=California, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4B26471C28D70E

File PE Metadata
Compilation timestamp:
9/12/2014 12:57:12 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:0xodZVzkyiEmzhOWCN4+5eGOVg89EAwez/12sob:0xodPzkyiEmzhOW4r5eGOVgDAwezNR4

Entry address:
0x8D2FF0

Entry point:
55, 8B, EC, 83, C4, EC, 53, 33, C0, 89, 45, EC, B8, A4, 2B, CB, 00, E8, FA, D5, 73, FF, 33, C0, 55, 68, 3A, 31, CD, 00, 64, FF, 30, 64, 89, 20, 8D, 45, EC, 8B, 15, 84, 84, CF, 00, 8B, 12, E8, 04, 8E, 73, FF, 8B, 55, EC, B9, 01, 00, 00, 00, B8, 54, 31, CD, 00, E8, D6, 93, 73, FF, 8B, D8, 68, 70, 31, CD, 00, 68, 90, 31, CD, 00, E8, 31, 24, 74, FF, 85, C0, 75, 0F, 68, 70, 31, CD, 00, 68, A0, 31, CD, 00, E8, 1E, 24, 74, FF, 85, C0, 74, 3E, 85, DB, 7E, 11, A1, 84, 85, CF, 00, 8B, 00, E8, A2, A3, 96, FF, E9, B1...
 
[+]

Entropy:
6.1903

Developed / compiled with:
Microsoft Visual C++

Code size:
8.8 MB (9,248,768 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to c-k330-u1008-172.webazilla.com  (199.101.133.172:80)

TCP (HTTP SSL):
Connects to c-b390-u0736-85.webazilla.com  (74.117.178.85:443)

TCP (HTTP SSL):
Connects to a23-7-120-231.deploy.static.akamaitechnologies.com  (23.7.120.231:443)

TCP (HTTP):
Connects to c-k330-u1108-51.webazilla.com  (199.101.133.51:80)

TCP (HTTP):
Connects to cache.google.com  (41.206.96.154:80)

TCP (HTTP SSL):
Connects to c-r102-uc0073-156.webazilla.com  (208.88.227.156:443)

TCP (HTTP):
Connects to c-k330-u1011-175.webazilla.com  (199.101.133.175:80)

TCP (HTTP SSL):
Connects to c-b390-u0741-90.webazilla.com  (74.117.178.90:443)

TCP (HTTP SSL):
Connects to c-b390-u0734-83.webazilla.com  (74.117.178.83:443)

TCP (HTTP SSL):
Connects to a23-75-141-92.deploy.static.akamaitechnologies.com  (23.75.141.92:443)

TCP (HTTP SSL):
Connects to a104-105-138-218.deploy.static.akamaitechnologies.com  (104.105.138.218:443)

Remove desktop.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.