shareazasetup-r20-n-bc.exe

Shareaza

Bandoo Media Inc

The application shareazasetup-r20-n-bc.exe by Bandoo Media Inc has been detected as a potentially unwanted program by 16 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The setup program uses the InstallCore engine, which may bundle additional software offers, including toolbars and browser extensions. The file has been seen being downloaded from download.shareazaweb.com and multiple other hosts.

Publisher:
Bandoo Media Inc  (signed and verified)

Product:
Shareaza

Description:
Shareaza Install

Version:
9.0.0.136248

MD5:
dda8a0f229ca4bdef38ebe64da09ebc3

SHA-1:
8ff1add3ba5891833c34578a3a50b40f996a0c08

SHA-256:
827b096f162e424ffd064b5c38c3fff45e85aee677a73e8873b3266cd4ad8361

Scanner detections:
16 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
12/25/2024 12:48:56 PM UTC  (today)

Scan engine | Detection | Engine version
Agnitum Outpost | PUA.Toolbar.SearchSuite | 7.1.1
avast! | Win32:Adware-gen [Adw] | 2014.9-151030
AVG | Generic | 2016.0.2940
Baidu Antivirus | PUA.Win32.SearchSuite | 4.0.3.151030
Clam AntiVirus | Win.Adware.Adgazelle-42 | 0.98/21511
Dr.Web | Adware.Bandoo.345 | 9.0.1.0303
ESET NOD32 | Win32/Toolbar.SearchSuite.W potentially unwanted | 9.12490
G Data | Win32.Application.InstallCore.EH | 15.10.25
IKARUS anti.virus | PUA.Toolbar.SearchSuite | t3scan.1.9.5.0
Malwarebytes | PUP.Optional.Bandoo | v2015.10.30.03
McAfee | Artemis!DDA8A0F229CA | 5600.6596
NANO AntiVirus | Riskware.Win32.Bandoo.dygvcd | 0.30.26.3947
Reason Heuristics | Win32.Generic.Bandoo.Installer.Meta | 15.10.30.15
Rising Antivirus | PE:AdWare.Win32.BearShare.b!1615066 [F] | 23.00.65.151028
ViRobot | Adware.Bandoo.1485176[h] | 2014.3.20.0
Zillya! Antivirus | Worm.VBNA.Win32.259094 | 2.0.0.2482

File size:
1.4 MB (1,485,176 bytes)

Product version:
9.0.0.136248

Copyright:
Copyright (C) 2015

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Turkish (Turkey)

Common path:
C:\users\{user}\downloads\shareazasetup-r20-n-bc.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
10/19/2015 3:00:00 AM

Valid to:
10/5/2016 2:59:59 AM

Subject:
CN=Bandoo Media Inc, O=Bandoo Media Inc, L=Panama City, S=Panama, C=PA

Issuer:
CN=thawte SHA256 Code Signing CA - G2, O="thawte, Inc.", C=US

Serial number:
6B956A6578BE9947ED82830D03DF2E2E

File PE Metadata
Compilation timestamp:
2/24/2012 9:20:04 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:Qp794tsR9FOUrbchI3vZs6vVgWJ4FB+2IFLrXYMPphvf/zjd8YluIfOj:G4tgUI/OigQ2gLrYAPf/CM2

Entry address:
0x38AF

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, C0, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 84, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 18, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 06, 27, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
29 KB (29,696 bytes)

The file shareazasetup-r20-n-bc.exe has been seen being distributed by the following 6 URLs.
