2474s.exe

Baggio Technologies (BrightCircle Investments Limited)

This adware is a web browser extension that injects advertising into the browser as unwanted banners and text links, which may lead to malware sites and install unwanted software. The application 2474s.exe by Baggio Technologies (BrightCircle Investments Limited) has been detected as adware by 9 anti-malware scanners. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities and other PUPs. It is part of the BrightCircle group of web extensions that inject advertisements in the browser.
MD5:
6d194af043448b81b263a4264a4357c0

SHA-1:
6e476498c7642439b41aa784417c88d9e2ab9c2f

SHA-256:
a0c203ce77b59cab31e09e0628731404be2d55dc1ca380727c24a855f0ed909d

Scanner detections:
9 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/23/2024 6:38:48 AM UTC

Scan engine             | Detection                              | Engine version
AhnLab V3 Security      | PUP/Win32.OutBrowse                    | 2014.12.08
avast!                  | Win32:Dropper-gen [Drp]                | 2014.9-141208
AVG                     | Win32/DH                               | 2015.0.3266
IKARUS anti.virus       | Win32.SuspectCrc                       | t3scan.1.8.5.0
Kaspersky               | HEUR:Trojan-Downloader.Win32.Generic   | 14.0.0.2827
McAfee                  | Artemis!6D194AF04344                   | 5600.6922
Reason Heuristics       | Adware.BrightCircle                    | 15.3.1.12
Trend Micro House Call  | Suspicious_GEN.F47V1207                | 7.2.342
Vba32 AntiVirus         | suspected of Trojan.Downloader.gen.h   | 3.12.26.3

File size:
124 KB (126,952 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\content.ie5\jw7lk1gq\2474s.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/16/2014 4:00:00 PM

Valid to:
11/17/2015 3:59:59 PM

Subject:
CN=Baggio Technologies (BrightCircle Investments Limited), O=Baggio Technologies (BrightCircle Investments Limited), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
469910CAA5B253B7B000122E7059F344

File PE Metadata
Compilation timestamp:
12/4/2014 1:54:56 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:yKCs3ZRpxisOM6g64TSfGjZewwvsuPIg93/LU72g+bTqc6oqa6NLsWjcdB7L6MBV:ZxisuMTOiUPHPQig+HB6N0BXVpryjK

Entry address:
0x6E54

Entry point:
E8, 92, 69, 00, 00, E9, 7F, FE, FF, FF, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, D0, 01, 32, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 2C, FA, 31, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, D0, 01, 32, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03, 00...
 

Entropy:
6.3448

Code size:
81.5 KB (83,456 bytes)

The file 2474s.exe has been seen being distributed by the following 10 URLs.
