Multi-License Discount Quote

Change Region

English
Threat Database Browser Hijackers 4Shared Toolbar

4Shared Toolbar

By CagedTech in Browser Hijackers

Threat Scorecard

Popularity Rank: 7,626
Threat Level: 50 % (Medium)
Infected Computers: 500
First Seen: January 14, 2014
Last Seen: October 8, 2025
OS(es) Affected: Windows

SpyHunter Detects & Remove 4Shared Toolbar

Registry Details

4Shared Toolbar may create the following registry entry or registry entries:
HKEY..\..\..\..{RegistryKeys}
Software\Microsoft\Internet Explorer\Approved Extensions\{fe0f50c5-d0f3-409b-b403-0b7791b29c98}
Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{FE0F50C5-D0F3-409B-B403-0B7791B29C98}
Software\Microsoft\Internet Explorer\URLSearchHooks\{fe0f50c5-d0f3-409b-b403-0b7791b29c98}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{fe0f50c5-d0f3-409b-b403-0b7791b29c98}

Directories

4Shared Toolbar may create the following directory or directories:

%PROGRAMFILES(X86)%\4shared
%USERPROFILE%\AppData\LocalLow\4shared

Analysis Report

General information

Family Name: 4Shared Toolbar
Signature status: No Signature

Known Samples

MD5: da2c49611b8ccfcdd1c30b60f523e86c
SHA1: fcdf81257b862aad763fa458893f17bbe7007ed9
SHA256: 103C3703A915F2548B0FF07EBB6731906683B2F41CD3471AAAF38C5C799D8394
File Size: 353.28 KB, 353280 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
Show More
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Comments An
Company Name SPC LLC
File Description DWD
File Version 3, 3, 22, 0
Internal Name trnrt
Legal Copyright 2013
Legal Trademarks -
Product Name SuperCharging
Product Version 3, 3, 22, 0

File Traits

  • x86

Block Information

Total Blocks: 1,900
Potentially Malicious Blocks: 6
Whitelisted Blocks: 1,483
Unknown Blocks: 411

Visual Map

? 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 ? 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 ? ? ? ? 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? ? ? x ? ? ? ? ? ? ? ? 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 ? ? ? ? ? 0 ? ? ? 0 ? 0 ? 0 0 0 ? ? ? 0 0 0 0 ? 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? x ? ? 0 0 ? ? ? ? 0 0 ? 0 0 0 0 ? ? ? ? ? ? 0 ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? 0 ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 ? ? 0 ? ? 0 ? ? x 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? ? 0 0 0 0 0 0 0 0 ? ? ? ? 0 ? 0 ? ? 0 ? 0 ? ? ? 0 0 ? ? 0 ? 0 0 ? ? ? 0 0 ? ? 0 0 ? 0 0 ? 0 0 ? 0 ? ? 0 0 0 0 ? 0 0 ? 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 ? ? ? ? ? ? x ? ? 0 0 0 0 0 0 0 0 0 0 ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 x 0 0 0 0 0 0 0 0 ? ? ? ? ? x 0 ? ? ? 0 0 0 0 ? ? ? ? ? ? 0 0 ? 0 0 0 0 0 0 0 ? ? 0 ? 0 ? ? 0 ? 0 ? ? ? ? ? ? ? ? ? ? 0 0 0 0 0 ? 0 0 ? 0 ? ? ? ? ? ? ? ? 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 ? ? ? ? ? ? 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? 0 0 0 0 ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 ? 0 ? 0 ? ? ? 0 ? ? 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 ? ? ? ? ? 0 0 0 0 ? 0 0 0 0 ? ? 0 0 0 0 ? 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 ? ? ? 0 0 0 0 ? ? ? 0 0 0 0 ? 0 0 0 0 0 0 ? ? ? 0 0 0 0 ? ? ? 0 0 0 0 ? ? 0 0 ? ? ? 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? 0 0 0 0 0 0 0 0 ? ? ? ? ? ? 0 0 0 0 0 0 0 0 ? ? ? ? 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 ? 0 ? 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 ? ? 0 ? 0 0 0 ? 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 ? 0 0 ? 0 0 0 0 ? 0 0 0 0 0 0 ? ? ? 0 0 ? ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 ? ? ? 0 0 0 0 0 ? 0 ? ? 0 ? 0 ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? 0 0 0 0 0 0 0 0 ? ? 0 ? ? ? ? ? ? ? ? 0 0 0 0 ? ? ? 0 0 0 ? 0 0 0 0 ? ? ? ? 0 ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 1 1 1 0 0 0 0 2 0 0 0 0 0 0 1 0 0 1 1 0 1 0 0 0 0 0 1 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 2 1 1 1 0 3 1 1 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 1 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 1 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 1 0 0 0 0 0 0 1 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 1 0 0 1 0 0 0 0 0 1 1 0 0 0 1 0 0 0 0 0 0 0 0 2 3 0 0 0 0 0 0 1 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 1 0 0 1 0 1 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 0 0 1 0 0 1 1 0 0 1 0 1 0 0 2 2 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 1 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix Cookie: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix Visited: RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::failed_count RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::state  RegNtPreCreateKey
HKCU\software\microsoft\edge\thirdparty::statuscodes (NULL) RegNtPreCreateKey
HKCU\software\microsoft\edge\thirdparty::statuscodes  RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::state  RegNtPreCreateKey

Windows API Usage

Category API
Process Shell Execute
  • ShellExecuteEx
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtOpenFile
Show More
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetValueKey
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • UNKNOWN
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetThreadState

Shell Command Execution

open http://download-faster.net/error.jsp?msg=downloadhelperxmlnotfound

Trending

Most Viewed

Loading...