Topshape.me

By GoldSparrow in Adware

Threat Scorecard

Popularity Rank: 14,116
Threat Level: 20 % (Normal)
Infected Computers: 18,674
First Seen: September 7, 2015
Last Seen: March 30, 2026
OS(es) Affected: Windows

Topshape.me is a domain registered at the IP address 104.27.135.121. Topshape.me is used to promote a software update monitoring tool called 'TopShape.me' (a.k.a. 'TopShape-B3'). The 'TopShape.me' tools travel in freeware bundles. However, some Web users may encounter pop-up windows in their browsers from:

h[tt]p://www.topshape[.]me/builds/download.php?cid=[string of 23 random characters]

The pop-ups promoting 'TopShape.me' carry names such as 'TopShape Download Page' and recommend that users download and install the 'TopShape.me' software. PC users may be led to believe that 'TopShape.me' can help them install the latest versions of outdated hardware drivers. Unfortunately, the 'TopShape.me' software updater has no user interface and is designed to run in the background of the system as the following process:

C:\Users\username\AppData\Roaming\topshape\softwareupdate.exe — (SHA-256: 77a40defd63a373a446d700553e2bbb567e7db4964ac9a0d14de5f327672ad72)

The 'TopShape Download Page' pop-up windows may lead users to download files with the following names:

  • topshape_setup_w1F03JD6HE8SBOCDHTK6GG9E.exe (SHA-256: a5c53d3f7fdaabfaca267f37254566549f4fddd5f2c781f8dab14fb409fe5f08)
  • topshape_setup.exe (SHA-256: 79b7810b93ccbf04b9fed9bb396f937ea90d0f859f0c6bef8d9d44254c8ce0f1)
  • topshape_ed.exe (SHA-256: f7e4972a027ab3a98b9f651509541d172ea4a507ebc4ffd299badfc6059ad23d)
  • 135370689.exe (SHA-256: a7c392173fe885bc7146d81cf04706b0ac4ae2e8564751c4ddbbf1daddc2748a)

All versions of the 'TopShape.me' installer appear to carry a digital signature from Keen Internet Technologies. The company does not appear to be listed as a valid provider of Internet services. The page at topshape.me/legal/privacy states that the 'TopShape.me' program collects non-personally identifiable information in order to display personalized marketing materials. The 'TopShape.me' 'softwareupdate.exe' process may inject code into the Web browser and display advertisements in the form of pop-up windows, hyperlinked text and sponsored search results on Google.com.

The 'TopShape.me' software is categorized as a Potentially Unwanted Program (PUP), which may display promotional materials in your browser and redirect you to unsafe pages. AV engines are known to flag Topshape.me files with the following detection names:

  • Adware.Keenm.1
  • BehavesLike.Win32.Dropper.th
  • GrayWare[Downloader]/Win32.Adload.gen
  • ML.Attribute.HighConfidence
  • PUP.TopShape/Variant
  • Suspicious_GEN.F47V0420
  • Trojan.Injector.Win32.339708
  • Win32.Trojan.Hoster.Heur
  • Win32.Trojan.WisdomEyes.16070401.9500.9970
  • Win32/Virus.Downloader.ab8


System File Details

Topshape.me may create the following file(s):

#   File name                                       MD5                               Detections
1.  softwareupdate.exe                              5efa3a66b87d70a06dd95e03879702c7  8,338
2.  topshape_setup_wJ6GDN92IGLUL1LT0AFD08L6.exe     c4b67a8aae4912db0be788916b01e6f6  53
3.  ShapeSrv.exe                                    cf302a6787813cfff0b1a1c531e5fb4d  13
4.  topshape-1005[1].exe                            a8023d3a900afdb7f913cdf5133669b2  5
5.  topshape_ie.exe                                 d17dd6843a76c0a5833079915f5a5f83  5

Registry Details

Topshape.me may create the following registry entry or entries:

File name without path:
  • www.topshape[1].xml

Registry keys:
  • Software\Microsoft\Internet Explorer\DOMStorage\topshape.me
  • Software\Microsoft\Internet Explorer\DOMStorage\www.topshape.me
  • SOFTWARE\TopShape
  • SOFTWARE\TopShape-B3
  • SOFTWARE\TopShape-B3_mo
  • SOFTWARE\TopShape.me_mo
  • SOFTWARE\TopShape_mo
  • SOFTWARE\Wow6432Node\TopShape
  • SOFTWARE\Wow6432Node\TopShape-B3
  • SOFTWARE\Wow6432Node\TopShape-B3_mo
  • SOFTWARE\Wow6432Node\TopShape.me
  • SOFTWARE\Wow6432Node\TopShape.me_mo
  • SOFTWARE\Wow6432Node\TopShape_mo
  • SYSTEM\ControlSet001\services\TopShape Service
  • SYSTEM\ControlSet001\Services\TopShape-B3 Service
  • SYSTEM\ControlSet002\services\TopShape Service
  • SYSTEM\ControlSet002\Services\TopShape-B3 Service
  • SYSTEM\CurrentControlSet\services\TopShape Service
  • SYSTEM\CurrentControlSet\Services\TopShape-B3 Service

Directories

Topshape.me may create the following directory or directories:

  • %APPDATA%\TopShape-B4
  • %APPDATA%\TopShape-B7
  • %Appdata%\TopShape
  • %Appdata%\TopShape-B3
  • %Appdata%\TopShape.me
  • %PROGRAMFILES%\TopShape-B3
  • %PROGRAMFILES(x86)%\TopShape-B3

Analysis Report

General Information

Family Name: Adware.TopShape.me
Signature status: Self Signed

Known Samples

MD5: f45fbf54e45e2a21ba3b29e399cfc798
SHA1: c590aeaaefe78d01ee57582131cb219ca434aae7
SHA256: AD91AF4D9F835550462B15D9A1F8229E0EAFC639C0C31459CE3BAF7876574CDC
File Size: 1.43 MB, 1434592 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name               Value
Company Name       Keen Internet Technologies
File Description   TopShape.me
File Version       1.0.0.4
Legal Copyright    Keen Internet Technologies
Product Name       TopShape.me
Product Version    9898.98

Digital Signatures

Signer           Root                              Status
Boian Mihailov   thawte SHA256 Code Signing CA     Self Signed

File Traits

  • Installer Manifest
  • nosig nsis
  • Nullsoft Installer
  • x86

Files Modified

File                                                              Attributes
\device\namedpipe                                                 Generic Read, Write Attributes
\device\namedpipe                                                 Generic Write, Read Attributes
c:\users\user\appdata\local\temp\nsca832.tmp\inetc.dll            Generic Write, Read Attributes
c:\users\user\appdata\local\temp\nsca832.tmp\nsexec.dll           Generic Write, Read Attributes
c:\users\user\appdata\local\temp\nsca832.tmp\system.dll           Generic Write, Read Attributes
c:\users\user\appdata\local\temp\nsha852.tmp                      Generic Write, Read Attributes
c:\users\user\appdata\local\temp\nsha852.tmp                      Synchronize, Write Attributes
c:\users\user\appdata\local\temp\nstaa67.tmp                      Generic Write, Read Attributes
c:\users\user\appdata\roaming\topshape.me\softwareupdate.exe      Generic Write, Read Attributes
c:\users\user\appdata\roaming\topshape.me\softwareupdate.exe      Synchronize, Write Attributes

Registry Modifications

Key::Value | Data | API Name
HKLM\software\wow6432node\topshape.me::install_params | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix | Cookie: | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix | Visited: | RegNtPreCreateKey
HKLM\software\wow6432node\topshape.me::install_dir | C:\Users\Ppmdkdab\AppData\Roaming\TopShape.me | RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\topshape.me::displayversion | 1.0.0.4 | RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\topshape.me::displayname | TopShape.me | RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\topshape.me::publisher | Keen Internet Technologies | RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\topshape.me::uninstallstring | "C:\Users\Ppmdkdab\AppData\Roaming\TopShape.me\uninstall.exe" | RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\topshape.me::displayicon | "C:\Users\Ppmdkdab\AppData\Roaming\TopShape.me\SoftwareUpdate.exe" | RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\topshape.me::estimatedsize | ΀ | RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe | | RegNtPreCreateKey

Windows API Usage

Category: API

Network: Wininet
  • HttpOpenRequest
  • HttpQueryInfo
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
  • InternetQueryOption
  • InternetReadFile
  • InternetSetOption
Process Manipulation: Evasion
  • NtUnmapViewOfSection
Process: Shell Execute
  • CreateProcess
Service Control
  • OpenSCManager
  • OpenService
  • StartService
Syscall Use
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation

Shell Command Execution

C:\Users\Ppmdkdab\AppData\Roaming\TopShape.me\SoftwareUpdate.exe /uninstall
C:\Users\Ppmdkdab\AppData\Roaming\TopShape.me\SoftwareUpdate.exe /install
sc failure "Software Updater Service" actions= restart/60000/restart/60000// reset= 86400
