bdsetup.exe

OPTI ADS LTD

The application bdsetup.exe by OPTI ADS has been detected as a potentially unwanted program by 10 anti-malware scanners. While running, it connects to the Internet address c4.3e.559e.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
OPTI ADS LTD  (signed and verified)

Version:
1.3.0.0

MD5:
c5f478842a24c4c866070fb3c6decee0

SHA-1:
5b1751fdb24d5769f212b806c6dc196b2c3698ec

SHA-256:
2746171f9e38c87179b20b8676036a67d0b101bb12cbc94217a84f6cb2b25554

Scanner detections:
10 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 6:52:31 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Adware-gen [Adw]
2014.9-150826

Baidu Antivirus
PUA.Win32.Montiera
4.0.3.15826

Bkav FE
W32.HfsAdware
1.3.0.7133

Dr.Web
Adware.Toolbar.692
9.0.1.0238

ESET NOD32
Win32/Toolbar.Montiera.R potentially unwanted (variant)
9.12141

K7 AntiVirus
Adware
13.2016980

Malwarebytes
PUP.Optional.OptiAds.A
v2015.08.26.05

NANO AntiVirus
Riskware.Win32.Toolbar.dvocsx
0.30.24.3079

Panda Antivirus
Trj/Genetic.gen
15.08.26.05

Reason Heuristics
Threat.Win.Reputation.IMP
15.8.26.17

File size:
446.9 KB (457,632 bytes)

Copyright:
All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\bdraw\bdraw\1.4.0.9\bdsetup.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
3/12/2015 8:00:00 PM

Valid to:
3/23/2016 8:00:00 AM

Subject:
CN=OPTI ADS LTD, O=OPTI ADS LTD, L=Tel Aviv, S=Tel Aviv, C=IL

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
019E7E421DD92BB6922755CD51B3A65C

File PE Metadata
Compilation timestamp:
8/23/2015 6:03:50 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:sTYE+kpmmvQ9Zrkrd3hU1pyws4BzTnTnVl4HQcK1Busp+3:cnU1Ews4BzTnTYHQ9LXpo

Entry address:
0x37DCA

Entry point:
E8, 63, 84, 00, 00, E9, 89, FE, FF, FF, B8, 77, 0D, 44, 00, A3, 30, 54, 46, 00, C7, 05, 34, 54, 46, 00, 6D, 04, 44, 00, C7, 05, 38, 54, 46, 00, 21, 04, 44, 00, C7, 05, 3C, 54, 46, 00, 5A, 04, 44, 00, C7, 05, 40, 54, 46, 00, C3, 03, 44, 00, A3, 44, 54, 46, 00, C7, 05, 48, 54, 46, 00, EF, 0C, 44, 00, C7, 05, 4C, 54, 46, 00, DF, 03, 44, 00, C7, 05, 50, 54, 46, 00, 41, 03, 44, 00, C7, 05, 54, 54, 46, 00, CD, 02, 44, 00, C3, 8B, FF, 55, 8B, EC, E8, 96, FF, FF, FF, 83, 7D, 08, 00, 74, 05, E8, 51, 8F, 00, 00, DB...
 
[+]

Entropy:
6.3464

Code size:
314.5 KB (322,048 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to c4.3e.559e.ip4.static.sl-reverse.com  (158.85.62.196:80)

TCP (HTTP):
Connects to ny1wv3280.xglobe.net  (204.145.82.20:80)

TCP (HTTP):
Connects to NY1WV3659  (204.145.82.27:80)

Remove bdsetup.exe - Powered by Reason Core Security