socksharedownloader4.exe

SockshareDownloader

Install Lab ltd.

The application socksharedownloader4.exe by Install Lab ltd has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. This file is typically installed with the program SockshareDownloader by SockshareDownloader.com. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from cmpsmarter-downloader.maynemyltf.netdna-cdn.com.
Publisher:
Cool Mirage  (signed by Install Lab ltd.)

Product:
SockshareDownloader

Version:
1.1.4.0

MD5:
aaa188bb375f7edbbe5e6bc28d47dee3

SHA-1:
00842bad7ba1007a8fc91fb8dec328217f69bef1

SHA-256:
534eab5f0464de761a0eafc7220b466ba7629ae9c98aebf0363de29a7ab4783b

Scanner detections:
1 / 68

Status:
Adware

Explanation:
The installer bundles additional adware-type offers (ad-supported) that are displayed to the user during setup and typically installed by default. These include web browser ad-injectors.

Analysis date:
11/30/2024 8:02:49 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.OneClickDownloader.InstallL (M)

Engine version:
16.3.30.4

File size:
2.5 MB (2,673,144 bytes)

Product version:
1.1.4.0

Copyright:
Copyright © Cool Mirage 2013

Original file name:
SockshareDownloader.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\socksharedownloader4.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
10/13/2013 2:00:00 AM

Valid to:
10/14/2014 1:59:59 AM

Subject:
CN=Install Lab ltd., O=Install Lab ltd., L=Tel Aviv, S=Tel Aviv, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
408CEA01026979279F7844366EFF6D80

File PE Metadata
Compilation timestamp:
7/15/2013 6:44:04 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:CYDHZK6KDT1Y8D+2kUXbvKUeeZsssgMzAtwi2NlRp3j2J3pK761Y8SeHDTRz3P9d:DDXk1ZkAmUeeZsssjEtwi2yJ5p13DTZL

Entry address:
0x288C2E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
2.5 MB (2,649,600 bytes)

The file socksharedownloader4.exe has been discovered within the following program.

SockshareDownloader  by SockshareDownloader.com
About 4% of users remove it
 

The file socksharedownloader4.exe has been seen being distributed by the following URL.
