gmeuuttq.exe

4shared Desktop Setup

New IT Limited

This is a bundle installer that packages applications together with offers for additional third-party software, mostly unwanted adware, and may install them with minimal consent. The file gmeuuttq.exe by New IT Limited has been detected as adware by 3 anti-malware scanners. The program is a setup application that uses the New IT Desktop Setup installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from dc160.4shared.com and multiple other hosts.
Publisher:
New IT Solutions  (signed by New IT Limited)

Product:
4shared Desktop Setup

Version:
3.3.1.1

MD5:
cd688e03deb4c2ec5f30699517cc9964

SHA-1:
033a0ee426184d4f3e90abf395d800c72c8d196e

SHA-256:
517b0d65d799095713c1b6522d3484fa733aba01119be0f1abeb87a53b6bb84b

Scanner detections:
3 / 68

Status:
Adware

Explanation:
Bundles the Conduit Toolbar and/or Conduit Search Protect.

Description:
This is an installer which may bundle legitimate applications with offers for additional third-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
11/27/2024 5:44:17 PM UTC  (today)

Scan engine          Detection                          Engine version
Malwarebytes         PUP.Optional.4Squared              v2014.10.20.05
Reason Heuristics    PUP.Installer.NewITLimited.M       14.10.20.17
VIPRE Antivirus      Conduit                            21218

File size:
4.9 MB (5,152,856 bytes)

Copyright:
New IT Solutions

Bundler/Installer:
New IT Desktop Setup (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\gmeuuttq.exe.part

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
10/28/2010 12:33:24 PM

Valid to:
10/27/2011 11:30:06 AM

Subject:
CN=New IT Limited, O=New IT Limited, L=Nicosia, S=Nicosia, C=CY

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
27DDE55D2F337F

File PE Metadata
Compilation timestamp:
4/10/2010 9:19:31 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:lvxr8N/d+O0iJlls2ENjnEBoUqtQIYfog5L/kDqkm6awG35dM3nWAZoeA:lvF8+OT+2GE2/lYAILsD1mdwq7nAZzA

Entry address:
0x354B

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 84, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 98, 06, 47, 00, E8, 67, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, 05, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 86, 40, 00, FF, 15, 80, 81, 40, 00, 68, 04, 86, 40, 00, 68, A0, 85, 46, 00, E8, 35, 26, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 10, 4C, 00, 57, E8, 23, 26, 00, 00...

Entropy:
7.9943

Packer / compiler:
Nullsoft install system v2.x

Code size:
25 KB (25,600 bytes)

The file gmeuuttq.exe has been seen being distributed by the following 2 URLs.

http://dc160.4shared.com/download/.../4shared_Desktop_331.exe

Remove gmeuuttq.exe - Powered by Reason Core Security