2474s.exe

Baggio Technologies (BrightCircle Investments Limited)

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application 2474s.exe by Baggio Technologies (BrightCircle Investments Limited) has been detected as adware by 9 anti-malware scanners. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.
MD5:
6d194af043448b81b263a4264a4357c0

SHA-1:
6e476498c7642439b41aa784417c88d9e2ab9c2f

SHA-256:
a0c203ce77b59cab31e09e0628731404be2d55dc1ca380727c24a855f0ed909d

Scanner detections:
9 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
12/24/2024 11:38:08 AM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.OutBrowse
2014.12.08

avast!
Win32:Dropper-gen [Drp]
2014.9-141208

AVG
Win32/DH
2015.0.3266

IKARUS anti.virus
Win32.SuspectCrc
t3scan.1.8.5.0

Kaspersky
HEUR:Trojan-Downloader.Win32.Generic
14.0.0.2827

McAfee
Artemis!6D194AF04344
5600.6922

Reason Heuristics
Adware.BrightCircle
15.3.1.12

Trend Micro House Call
Suspicious_GEN.F47V1207
7.2.342

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.3

File size:
124 KB (126,952 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\content.ie5\jw7lk1gq\2474s.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/16/2014 4:00:00 PM

Valid to:
11/17/2015 3:59:59 PM

Subject:
CN=Baggio Technologies (BrightCircle Investments Limited), O=Baggio Technologies (BrightCircle Investments Limited), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
469910CAA5B253B7B000122E7059F344

File PE Metadata
Compilation timestamp:
12/4/2014 1:54:56 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:yKCs3ZRpxisOM6g64TSfGjZewwvsuPIg93/LU72g+bTqc6oqa6NLsWjcdB7L6MBV:ZxisuMTOiUPHPQig+HB6N0BXVpryjK

Entry address:
0x6E54

Entry point:
E8, 92, 69, 00, 00, E9, 7F, FE, FF, FF, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, D0, 01, 32, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 2C, FA, 31, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, D0, 01, 32, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03, 00...
 
[+]

Entropy:
6.3448

Code size:
81.5 KB (83,456 bytes)

The file 2474s.exe has been seen being distributed by the following 10 URLs.

Remove 2474s.exe - Powered by Reason Core Security