bagbin.exe

Wei Liu

The application bagbin.exe by Wei Liu has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs in its own process as a Windows service named “Protect Service(BagbinP)”.
Publisher:
Wei Liu  (signed and verified)

MD5:
2bc3b9a50107246bb821d3a8d898f4de

SHA-1:
ff48d4cbc6252cdcdda69fa480eebad95b1cdb6a

SHA-256:
aa1e4ce08ae94030e8122ec90b2d911b4baf323b2fa35b1ca70086fb28cee6a6

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 3:07:12 AM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.Elex (M)

Engine version:
16.8.18.12

File size:
447.4 KB (458,112 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\bagbin\bagbin.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
8/18/2016 7:00:00 AM

Valid to:
4/2/2017 6:59:59 AM

Subject:
CN=Wei Liu, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
60F5EA468F8A6C4F5A07C1F2515EFD85

File PE Metadata
Compilation timestamp:
8/18/2016 12:10:46 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
6144:hz3p+2R1oHf0Pd5y+fDeF0PwzIsWx0WVTMihZs7LgiAYEAOp72j0Zi+RaRpyw:hz3psfeiMsWyWTNGE6FPRpyw

Entry address:
0x2B39F

Entry point:
E8, C8, 07, 00, 00, E9, 80, FE, FF, FF, FF, 25, 60, F3, 44, 00, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, F2, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 70, A0, 46, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, F2, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 70, A0, 46, 00, 33, C5, 50, 89, 65, F0, FF, 75, FC, C7, 45...
 

Entropy:
6.4639

Code size:
310 KB (317,440 bytes)

Service
Display name:
Protect Service(BagbinP)

Service name:
BagbinP

Description:
To ensure your Bagbin software integrity. If this service is disabled or stopped, your Bagbin software will not be kept integrity check. This service uninstalls itself when there is no Bagbin software

Type:
Win32OwnProcess

Depends on:
RpcSs

