bcbcabfdgbcc.exe

OTOPIA soft

Part of the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application bcbcabfdgbcc.exe by OTOPIA soft has been detected as adware by 18 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup. It is also typically executed from the user's temporary directory.
Publisher:
OTOPIA soft  (signed and verified)

Version:
2015.120.1235.2

MD5:
ae80aec76db5bb879fd2f706dd52b436

SHA-1:
4893bee3861af9b31cc87aac83a73e99af76ebe0

SHA-256:
acf6236d804065159549e21b8c20a588ac48ff268a007a0aeb2e118d7bebf992

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
12/24/2024 6:13:57 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.OutBrowse | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.02.16 |
| AVG | Downloader | 2016.0.3196 |
| Baidu Antivirus | PUA.Win32.OutBrowse | 4.0.3.15216 |
| Dr.Web | Trojan.KillFiles.22265 | 9.0.1.047 |
| ESET NOD32 | Win32/OutBrowse.BA potentially unwanted (variant) | 9.11179 |
| Fortinet FortiGate | Riskware/OutBrowse | 2/16/2015 |
| Kaspersky | not-a-virus:Downloader.NSIS.OutBrowse | 14.0.0.2476 |
| McAfee | Artemis!AE80AEC76DB5 | 5600.6852 |
| NANO AntiVirus | Trojan.Win32.KillFiles.dmtzdt | 0.30.0.65070 |
| Panda Antivirus | Generic Suspicious | 15.02.16.09 |
| Qihoo 360 Security | Trojan.Generic | 1.0.0.1015 |
| Reason Heuristics | PUP.Outbrowse | 15.2.16.21 |
| Sophos | Generic PUA EI | 4.98 |
| Trend Micro House Call | TROJ_GEN.R0C1H07BB15 | 7.2.47 |
| Vba32 AntiVirus | Downloader.OutBrowse | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 37580 |
| Zillya! Antivirus | Downloader.OutBrowse.Win32.1193 | 2.0.0.2068 |

File size:
822.7 KB (842,424 bytes)

Product version:
2015.120.1235.2

Copyright:
Copyright (C) 2015

Original file name:
201512012352.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\bcbcabfdgbcc.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
1/19/2015 6:00:00 PM

Valid to:
12/17/2015 5:59:59 PM

Subject:
CN=OTOPIA soft, O=OTOPIA soft, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
147E36526551746AA73B8CB9252C7C3A

File PE Metadata
Compilation timestamp:
1/20/2015 6:35:22 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:xo5S1D5svi7drotuH+6q/seuKOo/vcsHllP/fJHFyH:W5S1D5sK71otuH+L/shKOoXhDP/BHFyH

Entry address:
0x854B5

Entry point:
E8, F0, AC, 00, 00, E9, 89, FE, FF, FF, CC, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 8B, 73, 08, 33, 35, 40, FA, 4B, 00, 57, 8B, 06, C6, 45, FF, 00, C7, 45, F4, 01, 00, 00, 00, 8D, 7B, 10, 83, F8, FE, 74, 0D, 8B, 4E, 04, 03, CF, 33, 0C, 38, E8, 4C, A4, FF, FF, 8B, 4E, 0C, 8B, 46, 08, 03, CF, 33, 0C, 38, E8, 3C, A4, FF, FF, 8B, 45, 08, F6, 40, 04, 66, 0F, 85, 19, 01, 00, 00, 8B, 4D, 10, 8D, 55, E8, 89, 53, FC, 8B, 5B, 0C, 89, 45, E8, 89, 4D, EC, 83, FB, FE, 74, 5F, 8D, 49, 00, 8D, 04, 5B, 8B, 4C...
 

Entropy:
6.6203

Code size:
636 KB (651,264 bytes)
