AnySend

By GoldSparrow in Adware

Threat Scorecard

Popularity Rank:	4,213
Threat Level:	10 % (Normal)
Infected Computers:	57,093

First Seen:	May 23, 2014
Last Seen:	February 5, 2026
OS(es) Affected:	Windows

The AnySend software from ClickMeIn Limited is promoted as a reliable file sharing application, but security researchers noticed that it came embedded with adware. The AnySend app can be downloaded from its official website and could be acquired through freeware installers as well. The AnySend software comes along with the Install Core Click application distribution platform that may install additional software on your PC. The AnySend software adds a Windows shell option to facilitate its features and may add a Browser Helper Object, an add-on, and an extension to your web browser that could be used to display marketing materials. The AnySend software may perform as promised, but its free features require you to tolerate numerous pop-ups, ads, and in-text hyperlinks. The functionality mentioned above provides reason to classify AnySend as a Potentially Unwanted Program (PUP) with adware capabilities. You might want to scan your PC for PUPs and adware with the services of a trusted anti-spyware tool.

Table of Contents

Aliases

11 security vendors flagged this file as malicious.

Antivirus Vendor	Detection
McAfee	Artemis!3B24AC33A909
Symantec	WS.Reputation.1
GData	NSIS.Application.Vopackage.A
AntiVir	TR/Fraud.Gen7
McAfee	Artemis!77726F336234
McAfee	Artemis!254935C4969E
AVG	Clickmein.046
McAfee-GW-Edition	Artemis
Sophos	AnyProtect
K7AntiVirus	Unwanted-Program ( 004ae67e1 )
McAfee	Artemis!58879E11D7BD

SpyHunter Detects & Remove AnySend

File System Details

AnySend may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	A0132603.exe	58879e11d7bd43f7dc5f149801ea1165	3,565
Name: A0132603.exe MD5: 58879e11d7bd43f7dc5f149801ea1165 Size: 3.67 MB (3670640 bytes) Detections: 3,565 Type: Executable File Path: C:\System Volume Information\_restore{1D2673A0-62B1-4202-A15D-5BEB7280A3FA}\RP165\A0132603.exe Group: Malware file Last Updated: May 24, 2022
2.	A0132604.exe	254935c4969e78cfe09267ef4c8492d0	3,132
Name: A0132604.exe MD5: 254935c4969e78cfe09267ef4c8492d0 Size: 7.03 MB (7033968 bytes) Detections: 3,132 Type: Executable File Path: C:\System Volume Information\_restore{1D2673A0-62B1-4202-A15D-5BEB7280A3FA}\RP165\A0132604.exe Group: Malware file Last Updated: May 24, 2022
3.	A0132605.exe	77726f336234f32c03b473934d3aa29c	2,396
Name: A0132605.exe MD5: 77726f336234f32c03b473934d3aa29c Size: 175.38 KB (175384 bytes) Detections: 2,396 Type: Executable File Path: C:\System Volume Information\_restore{1D2673A0-62B1-4202-A15D-5BEB7280A3FA}\RP165\A0132605.exe Group: Malware file Last Updated: May 24, 2022
4.	AnySendShellExtension.dll	0955998c632d81a02f799555d1d3db59	2,334
Name: AnySendShellExtension.dll MD5: 0955998c632d81a02f799555d1d3db59 Size: 401.92 KB (401920 bytes) Detections: 2,334 Type: Dynamic link library Path: %PROGRAMFILES%\AnySend\AnySendShellExtension.dll Group: Malware file Last Updated: February 5, 2026
5.	NkpmG6iFRYyBo16zdQJPPe8uNkpmG6iFRYyBo16zdQJPPe8u_as.exe	484ec7b9a08e9daa573466579ca90afd	840
Name: NkpmG6iFRYyBo16zdQJPPe8uNkpmG6iFRYyBo16zdQJPPe8u_as.exe MD5: 484ec7b9a08e9daa573466579ca90afd Size: 276.51 KB (276517 bytes) Detections: 840 Type: Executable File Path: C:\Users\<username>\AppData\Local\Temp\Temp\NkpmG6iFRYyBo16zdQJPPe8uNkpmG6iFRYyBo16zdQJPPe8u\NkpmG6iFRYyBo16zdQJPPe8uNkpmG6iFRYyBo16zdQJPPe8u_as.exe Group: Malware file Last Updated: May 23, 2025
6.	AnySendSVC.exe	40b8a9639b41c1a3f3744f9ec994ab46	732
Name: AnySendSVC.exe MD5: 40b8a9639b41c1a3f3744f9ec994ab46 Size: 3.71 MB (3717720 bytes) Detections: 732 Type: Executable File Path: %PROGRAMFILES(x86)%\AnySend Group: Malware file Last Updated: May 23, 2014
7.	AnySendUI.exe	2d8802c281dec3918c22e79336ee771b	367
Name: AnySendUI.exe MD5: 2d8802c281dec3918c22e79336ee771b Size: 7.08 MB (7089240 bytes) Detections: 367 Type: Executable File Path: %PROGRAMFILES(x86)%\AnySend Group: Malware file Last Updated: May 23, 2014
8.	ASSrv.exe	fe73274ca09199b275d14874636b077d	209
Name: ASSrv.exe MD5: fe73274ca09199b275d14874636b077d Size: 67.58 KB (67584 bytes) Detections: 209 Type: Executable File Path: %APPDATA%\ASPackage Group: Malware file Last Updated: June 16, 2020
9.	setup.exe	0a188596a9813ca8a672ae82000daa3d	128
Name: setup.exe MD5: 0a188596a9813ca8a672ae82000daa3d Size: 269.18 KB (269188 bytes) Detections: 128 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\AppData\Local\Temp\setup.exe Group: Malware file Last Updated: May 16, 2025
10.	AnySendUpdater.exe	1c36bdecf1b28c6ee7e938b22c9d125d	115
Name: AnySendUpdater.exe MD5: 1c36bdecf1b28c6ee7e938b22c9d125d Size: 175.38 KB (175384 bytes) Detections: 115 Type: Executable File Path: %PROGRAMFILES%\AnySend Group: Malware file Last Updated: May 23, 2014
11.	anysend.exe	60e6148759c4dec05cc313dd63c730d0	74
Name: anysend.exe MD5: 60e6148759c4dec05cc313dd63c730d0 Size: 1.57 MB (1571328 bytes) Detections: 74 Type: Executable File Path: %APPDATA% Group: Malware file Last Updated: July 8, 2016
12.	setupA9_.exe	f47789c152012beeb8879ebc23d8a52e	47
Name: setupA9_.exe MD5: f47789c152012beeb8879ebc23d8a52e Size: 274.43 KB (274436 bytes) Detections: 47 Type: Executable File Path: C:\Users\<username>\AppData\Local\Temp\setupA9_.exe Group: Malware file Last Updated: April 15, 2023
13.	ASPackage.exe.vir	d978b170d6b9f0dad258b9009f1a86e9	18
Name: ASPackage.exe.vir MD5: d978b170d6b9f0dad258b9009f1a86e9 Size: 267.93 KB (267938 bytes) Detections: 18 Path: F:\DATOS\AdwCleaner\Quarantine\C\Users\<username>\AppData\Roaming\ASPackage\ASPackage.exe.vir Group: Malware file Last Updated: July 2, 2021
14.	ASPackage.exe	ee220a9bc4142f3113744ed13b320165	16
Name: ASPackage.exe MD5: ee220a9bc4142f3113744ed13b320165 Size: 247.16 KB (247161 bytes) Detections: 16 Type: Executable File Path: %APPDATA%\ASPackage Group: Malware file Last Updated: April 22, 2017
15.	C:\Program Files\anysend\AnySendUI.exe	0f2992cbf2612076c7c402526b3492ff
Name: C:\Program Files\anysend\AnySendUI.exe MD5: 0f2992cbf2612076c7c402526b3492ff Type: Executable File Group: Malware file
16.	AnySendShellExtension.dll
Name: AnySendShellExtension.dll Type: Dynamic link library Group: Malware file
17.	AnySendUpdater.exe
Name: AnySendUpdater.exe Type: Executable File Group: Malware file
18.	AnySendSvc.exe
Name: AnySendSvc.exe Type: Executable File Group: Malware file

More files

Registry Details

AnySend may create the following registry entry or registry entries:

CLSID

{61628E2A-4FF9-4454-992D-D92A8CD27399}

{7BFFA5F9-047F-4732-93B5-B9FE731DE96D}

File name without path

http_www.anysend.com_0.localstorage

http_www.anysend.com_0.localstorage-journal

Regexp file mask

%WINDIR%\System32\Tasks\AnySendUpdate

HKEY..\..\..\..{RegistryKeys}

SOFTWARE\AnySend

SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AnySend

SOFTWARE\Classes\AnySend.Connect

SOFTWARE\Classes\AnySend.Connect.1

Software\Microsoft\Internet Explorer\DOMStorage\anysend.com

SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61628E2A-4FF9-4454-992D-D92A8CD27399}

SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AnySend User Interface

SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{61628E2A-4FF9-4454-992D-D92A8CD27399}

SOFTWARE\Wow6432Node\AnySend

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\AnySend User Interface

SYSTEM\ControlSet001\services\AnySendService

SYSTEM\ControlSet002\services\AnySendService

SYSTEM\CurrentControlSet\services\AnySendService

HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}

AnySend

ASPackage

{7203C44E-08F7-471D-8C9B-349A0D17506F}

Directories

AnySend may create the following directory or directories:

%ALLUSERSPROFILE%\AnySend

%ALLUSERSPROFILE%\Application Data\AnySend

%APPDATA%\ASPackage

%APPDATA%\Microsoft\Windows\Start Menu\Programs\ASPackage

%APPDATA%\Microsoft\Windows\Start Menu\Programs\AnySend

%PROGRAMFILES%\AnySend

%PROGRAMFILES(x86)%\AnySend

%appdata%\AnySend

URLs

AnySend may call the following URLs:

AnySend.com

Analysis Report

General information

Family Name:	PUP.AnySend
Signature status:	Root Not Trusted

Known Samples

MD5: 9a244e36e0e3abaa19b5d902f3b67ccc

SHA1: 8c363e5d022e2a5760658d2c2351649ada3527ba

SHA256: 8F2DB72719C226BC09C8FE709A3B9369E6097ECD0939604C7EEDFB60F1B5AE4E

File Size: 308.26 KB, 308264 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)

IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
File Version	1.0.0.0
Legal Copyright	Copyright 2013
Product Name	setup
Product Version	1.0.0.0

Digital Signatures

Signer	Root	Status
AnySend	UTN-USERFirst-Object	Root Not Trusted

Files Modified

File	Attributes
\device\namedpipe\srvsvc	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsd5253.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsd533e.tmp\inetc.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsd533e.tmp\t1.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsd533e.tmp\wmiinspector.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg598a.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nst534f.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nst534f.tmp	Synchronize,Write Attributes
c:\users\user\appdata\roaming\installw\full_setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\roaming\installw\resume.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144

c:\users\user\appdata\roaming\installw\uninstall.exe	Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\windows\recent\automaticdestinations\f01b4d95cf55d32a.automaticdestinations-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix	Cookie:	RegNtPreCreateKey

HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix	Visited:	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\resume::displayname	Installer Package	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\resume::uninstallstring	"C:\Users\Tjafsldm\AppData\Roaming\InstallW\uninstall.exe"	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\resume::displayicon	"C:\Users\Tjafsldm\AppData\Roaming\InstallW\uninstall.exe"	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\resume::publisher		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\resume::displayversion	1.0.0.0	RegNtPreCreateKey

Windows API Usage

Category	API
Network Wininet	HttpOpenRequest HttpQueryInfo HttpSendRequest InternetConnect InternetOpen InternetQueryOption InternetReadFile

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

AnySend

Threat Scorecard

EnigmaSoft Threat Scorecard

Aliases

SpyHunter Detects & Remove AnySend

File System Details

Registry Details

Directories

URLs

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Submit Comment

Trending

Trojan.Win32.Autoit.aks

Trojan.Gatak.A

WowCoupon

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen

How to Fix 'macOS cannot verify that this app is...