bb_install.exe

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from f2h.nana10.co.il and multiple other hosts.
MD5:
5b04e6b52594e3eadf6d490e42c6f0ca

SHA-1:
23cf046bab4a9db0eb4af9f41a81bbc52d45ef4c

SHA-256:
70924896a6f403b4ab53b58d5a4203bfe6e1f54f3132b1ae71921ce454291b2e

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
12/26/2024 4:22:02 AM UTC  (today)

Scan engine
Detection
Engine version

ViRobot
Trojan.Win32.A.Badur.45591754[h]
2014.3.20.0

Zillya! Antivirus
Worm.Mabezat.Win32.1957
2.0.0.2090

File size:
43.5 MB (45,591,754 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\bb_install.exe

File PE Metadata
Compilation timestamp:
2/7/2002 3:31:06 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
786432:2S5OFVKaJF76dEPA0kxAyxWDEUcKBFLn/fDKjrpp58Ox5F7sKNvGi01OJ:JOjudEPH7occKB5/2jrrxwKNui8OJ

Entry address:
0x45E3

Entry point:
83, EC, 0C, 53, 56, 57, FF, 15, B4, 70, 40, 00, 05, E8, 03, 00, 00, BE, E0, DF, 41, 00, 89, 44, 24, 10, B3, 20, FF, 15, 28, 70, 40, 00, 68, 00, 04, 00, 00, FF, 15, 20, 71, 40, 00, 50, 56, FF, 15, 28, 71, 40, 00, 80, 3D, E0, DF, 41, 00, 22, 75, 08, 80, C3, 02, BE, E1, DF, 41, 00, 8A, 06, 8B, 3D, F0, 71, 40, 00, 84, C0, 74, 0F, 3A, C3, 74, 0B, 56, FF, D7, 8B, F0, 8A, 06, 84, C0, 75, F1, 80, 3E, 00, 74, 05, 56, FF, D7, 8B, F0, 89, 74, 24, 14, 80, 3E, 20, 75, 07, 56, FF, D7, 8B, F0, EB, F4, 80, 3E, 2F, 75, 21...
 
[+]

Entropy:
7.9982

Packer / compiler:
Nullsoft PiMP Install System v1.x

Code size:
24 KB (24,576 bytes)

The file bb_install.exe has been seen being distributed by the following 14 URLs.

http://f2h.nana10.co.il/.../usqpuiaevkdg|135c37452122708c56f78ad050acf725|.exe

http://www.4yougratis.it/.../count.php?id=1401

http://www.vins.co.il/.../Blip-and-Blop

http://www.vins.co.il/.../Blip-and-Blop

http://downloads.yo-yoo.co.il/most.php?act=download&id=84

http://www.winsoftware.de/Startedownload29478

http://f2h.nana10.co.il/.../usqpuiaevkdg|4877436f3bc1f268f4fcc63b229336b4|.exe

Scan bb_install.exe - Powered by Reason Core Security