Adware.TopShape.me

By CagedTech in Adware

Threat Scorecard

Popularity Rank:	14,116
Threat Level:	20 % (Normal)
Infected Computers:	18,674

First Seen:	September 7, 2015
Last Seen:	March 30, 2026
OS(es) Affected:	Windows

Table of Contents

SpyHunter Detects & Remove Adware.TopShape.me

File System Details

Adware.TopShape.me may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	softwareupdate.exe	5efa3a66b87d70a06dd95e03879702c7	8,338
Name: softwareupdate.exe MD5: 5efa3a66b87d70a06dd95e03879702c7 Size: 917.5 KB (917504 bytes) Detections: 8,338 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\appdata\roaming\topshape-b4\softwareupdate.exe Group: Malware file Last Updated: January 29, 2026
2.	topshape_setup_wJ6GDN92IGLUL1LT0AFD08L6.exe	c4b67a8aae4912db0be788916b01e6f6	53
Name: topshape_setup_wJ6GDN92IGLUL1LT0AFD08L6.exe MD5: c4b67a8aae4912db0be788916b01e6f6 Size: 1.42 MB (1420264 bytes) Detections: 53 Type: Executable File Path: C:\Users\<username>\Downloads\topshape_setup_wJ6GDN92IGLUL1LT0AFD08L6.exe Group: Malware file Last Updated: July 9, 2024
3.	ShapeSrv.exe	cf302a6787813cfff0b1a1c531e5fb4d	13
Name: ShapeSrv.exe MD5: cf302a6787813cfff0b1a1c531e5fb4d Size: 1.4 MB (1405440 bytes) Detections: 13 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\TopShape-P1\ShapeSrv.exe Group: Malware file Last Updated: February 12, 2022
4.	topshape-1005[1].exe	a8023d3a900afdb7f913cdf5133669b2	5
Name: topshape-1005[1].exe MD5: a8023d3a900afdb7f913cdf5133669b2 Size: 1.42 MB (1426987 bytes) Detections: 5 Type: Executable File Path: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\topshape-1005[1].exe Group: Malware file Last Updated: August 19, 2024
5.	topshape_ie.exe	d17dd6843a76c0a5833079915f5a5f83	5
Name: topshape_ie.exe MD5: d17dd6843a76c0a5833079915f5a5f83 Size: 1.43 MB (1435792 bytes) Detections: 5 Type: Executable File Path: C:\Users\<username>\Downloads\topshape_ie.exe Group: Malware file Last Updated: May 28, 2022

More files

Registry Details

Adware.TopShape.me may create the following registry entry or registry entries:

File name without path

www.topshape[1].xml

HKEY..\..\..\..{RegistryKeys}

Software\Microsoft\Internet Explorer\DOMStorage\topshape.me

Software\Microsoft\Internet Explorer\DOMStorage\www.topshape.me

SOFTWARE\TopShape

SOFTWARE\TopShape-B3

SOFTWARE\TopShape-B3_mo

SOFTWARE\TopShape.me_mo

SOFTWARE\TopShape_mo

SOFTWARE\Wow6432Node\TopShape

SOFTWARE\Wow6432Node\TopShape-B3

SOFTWARE\Wow6432Node\TopShape-B3_mo

SOFTWARE\Wow6432Node\TopShape.me

SOFTWARE\Wow6432Node\TopShape.me_mo

SOFTWARE\Wow6432Node\TopShape_mo

SYSTEM\ControlSet001\services\TopShape Service

SYSTEM\ControlSet001\Services\TopShape-B3 Service

SYSTEM\ControlSet002\services\TopShape Service

SYSTEM\ControlSet002\Services\TopShape-B3 Service

SYSTEM\CurrentControlSet\services\TopShape Service

SYSTEM\CurrentControlSet\Services\TopShape-B3 Service

HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}

TopShape

TopShape-B3

Directories

Adware.TopShape.me may create the following directory or directories:

%APPDATA%\TopShape-B4

%APPDATA%\TopShape-B7

%Appdata%\TopShape

%Appdata%\TopShape-B3

%Appdata%\TopShape.me

%PROGRAMFILES%\TopShape-B3

%PROGRAMFILES(x86)%\TopShape-B3

Analysis Report

General information

Family Name:	Adware.TopShape.me
Signature status:	Self Signed

Known Samples

MD5: f45fbf54e45e2a21ba3b29e399cfc798

SHA1: c590aeaaefe78d01ee57582131cb219ca434aae7

SHA256: AD91AF4D9F835550462B15D9A1F8229E0EAFC639C0C31459CE3BAF7876574CDC

File Size: 1.43 MB, 1434592 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)

IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Company Name	Keen Internet Technologies
File Description	TopShape.me
File Version	1.0.0.4
Legal Copyright	Keen Internet Technologies
Product Name	TopShape.me
Product Version	9898.98

Digital Signatures

Signer	Root	Status
Boian Mihailov	thawte SHA256 Code Signing CA	Self Signed

File Traits

Installer Manifest
nosig nsis
Nullsoft Installer
x86

Files Modified

File	Attributes
\device\namedpipe	Generic Read,Write Attributes
\device\namedpipe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsca832.tmp\inetc.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsca832.tmp\nsexec.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsca832.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsha852.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsha852.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nstaa67.tmp	Generic Write,Read Attributes
c:\users\user\appdata\roaming\topshape.me\softwareupdate.exe	Generic Write,Read Attributes
c:\users\user\appdata\roaming\topshape.me\softwareupdate.exe	Synchronize,Write Attributes

Registry Modifications

Key::Value	Data	API Name
HKLM\software\wow6432node\topshape.me::install_params		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix		RegNtPreCreateKey

HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix	Cookie:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix	Visited:	RegNtPreCreateKey
HKLM\software\wow6432node\topshape.me::install_dir	C:\Users\Ppmdkdab\AppData\Roaming\TopShape.me	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\topshape.me::displayversion	1.0.0.4	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\topshape.me::displayname	TopShape.me	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\topshape.me::publisher	Keen Internet Technologies	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\topshape.me::uninstallstring	"C:\Users\Ppmdkdab\AppData\Roaming\TopShape.me\uninstall.exe"	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\topshape.me::displayicon	"C:\Users\Ppmdkdab\AppData\Roaming\TopShape.me\SoftwareUpdate.exe"	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\topshape.me::estimatedsize	΀	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe		RegNtPreCreateKey

Windows API Usage

Category	API
Network Wininet	HttpOpenRequest HttpQueryInfo HttpSendRequest InternetConnect InternetOpen InternetQueryOption InternetReadFile InternetSetOption
Process Manipulation Evasion	NtUnmapViewOfSection
Process Shell Execute	CreateProcess
Service Control	OpenSCManager OpenService StartService
Syscall Use	ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtClose ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateSemaphore ntdll.dll!NtDuplicateObject ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFreeVirtualMemory Show More ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenSection ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtWaitForAlertByThreadId ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWorkerFactoryWorkerReady ntdll.dll!NtWriteFile UNKNOWN
Anti Debug	IsDebuggerPresent
User Data Access	GetUserObjectInformation

Shell Command Execution


							C:\Users\Ppmdkdab\AppData\Roaming\TopShape.me\SoftwareUpdate.exe /uninstall


							C:\Users\Ppmdkdab\AppData\Roaming\TopShape.me\SoftwareUpdate.exe /install


							sc failure "Software Updater Service"  actions= restart/60000/restart/60000// reset= 86400

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Adware.TopShape.me

Threat Scorecard

EnigmaSoft Threat Scorecard

SpyHunter Detects & Remove Adware.TopShape.me

File System Details

Registry Details

Directories

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

HTTP Error 401 Invalid Security Token Email Scam

Giant Coupons Official Extension

Chainbridgeworks.co.in

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Pornktube.porn

Discord Shows Black Screen when Sharing Screen