» beamng_drive.exe
Overview
Analysis
File Details
Downloads (8)

beamng_drive.exe

Befibir

Morava Group

The application beamng_drive.exe, “Befibir Setup ” by Morava Group has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.appscleanflash.com and multiple other hosts.

File name:

beamng_drive.exe

Publisher:

Kulat (signed by Morava Group)

Product:

Befibir

Description:

Befibir Setup

MD5:

21d6d9696d489f784022ecd03f12e234

SHA-1:

5ec0e63d38067567d2809d5f031b32998a2e2f93

SHA-256:

c34cbf67babcf7fbc475d8c195bdc4d858393c62ed17cfc38949ebb386e3e3e6

Scanner detections:

2 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:

11/6/2024 6:41:26 AM UTC (today)

Scan engine

Detection

Engine version

ESET NOD32

Win32/InstallCore.AFW potentially unwanted application

8.0.319.0

Reason Heuristics

PUP.InstallCore.MoravaGr.Installer (M)

16.4.12.22

File size:

971 KB (994,352 bytes)

Product version:

2.3

Software Internet

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\beamng_drive.exe

Digital Signature

Signed by:

Morava Group

Authority:

GlobalSign nv-sa

Valid from:

3/7/2016 8:28:01 AM

Valid to:

3/8/2017 8:28:01 AM

Subject:

CN=Morava Group, O=Morava Group, L=Towson, C=US

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121A83F14C1C6D435814D1A4B9EC949DB5C

File PE Metadata

Compilation timestamp:

6/19/1992 11:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:XmdmwFjzyzV8q8viESE6v3auceqLPmaNtz5DyP2jGnyO9:XgPBeRcviE503auceqLug8CGnyS

Entry address:

0xA5F8

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55... 
[+]

Entropy:

7.9055

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

39.5 KB (40,448 bytes)

The file beamng_drive.exe has been seen being distributed by the following 8 URLs.

http://www.appscleanflash.com/c?x=EC9TWNCB1TILl2dbYurgj ovhSvGDOq KY90vygdEDQ=&c=dDiySkBnMD53ZU/lriNIFWgCyyrVMLRinr9UCB/eGWJFsm5IYdJUyv3eYaHEm5n0gYo10BW4P9zaGjk1dB7DpfDQMGA/Ysntxg3MAlAmdu6GOxefQ6bEQoCcOpmGTbBazTpP1B0qD2bsZGU/b7wjfRNxkM58vJOJ8j8QP/.../yssNmeL&e=0&downloadAs=BeamNG_drive.exe&fallback_url=Fallback URL

http://www.appscleanflash.com/c?x=MplapQxHnWq9WbGa0aq 6OfoAPvlN3g4R9H8q0Nx tg=&c=9xyxm onm3wQZXGoFoCceAmW9O56hbzxwkERm0xbOEZJzlJBT84NLgbuBS3R2boGQGlD6Y1yMqfa1tVTitI5d bhEXzwaqwC7X/.../jc7WqmVo6wsAbkIFLSrso0jppzlo2LAMW3L01 QnTeSlrgY2XY=&e=0&downloadAs=BeamNG_drive.exe&fallback_url=Fallback URL

http://www.appscleanflash.com/WVl6OTRQWGh1Y3pkeGVrNWFhSFZMYjNreGVXUmhVR3QxVEdoUVFuVnRPVkZVZFZsTVpHMVZaR3RKWTNjeFprMGxNMFFtWXoxelkycDVkV1pZTlhoUWFuUlhhRlJHSlRKR1RtTTJSamdsTWtZeWNVcHBhMUphY1haM1ptVndTVWxPVG5kaVpXcEtOV1JGTldwV1lUWkJhR1ZtYnpaeUpUSkNRaVV5Um1aT09HZEpjbXhaVkRaUU5GRnJlbGxaUjB0VlFYaDFUaVV5Umt3NE0xa3hjMDVQZUdaTmJsaGtWRlZWSlRKR2RYWkpiaVV5UWs5TldVUnphRzVsVjFKS2RGaGlWalpYSm1SdmQyNXNiMkZrUVhNOVFtVmhiVTVIWDJSeWFYWmxMbVY0WlNabVlXeHNZbUZqYTE5MWNtdzlSbUZzYkdKaFkyc3JWVkpN

http://www.appscleanflash.com/c?x=Y5/x6k6Ew4ZUP/.../QpFrCe3cd5smeJ0ycwtRU4eIRBLlUiXSZh3xwFeFp0uS5iHp9JUsL2lRh5M6f9Hqj3UIMsC86uGCrmZXFObJqRUPiHZpozRkxGlU&downloadAs=BeamNG_drive.exe&fallback_url=Fallback URL

http://www.appscleanflash.com/c?x=MwlwEwbjc /B41LT5qspmn878HnXM5wL/nrMsqQOgmU=&c=Dx3hjuPOfdLq7Nd/.../zQ252bQ3ftJxnK14bUaRssxf6ZVN7R34VghcfgKTxq6Y6gqh3QXDobrhaVVr 2Fvf1Gg9nm9L8d4kEQNl0XGINfwNHMFNyqlXYL7gNa6YpzU1BlY6DFAjycMD5YDdfLqQ22fSCw5g=&e=0&downloadAs=BeamNG_drive.exe&fallback_url=Fallback URL

http://www.appscleanflash.com/c?x=LtGMuBGEnDfzLnXgIZI1MD qsjFyhcH3mGuiTKtYw3c=&c=7pvLO9YGP74RqfzlX7ZcbWd3QvvM8bbsWO/.../gAfYUZCdMtiGD09YRNEAIu4WArPs6h7 jVY8kGFeGuj 8hywlvA KPF7&downloadAs=BeamNG_drive.exe&fallback_url=Fallback URL

http://www.appscleanflash.com/c?x=hgfLngd4 3HLWuWVjLO5bNhB4QgHU8mKFR/cAGqrJZM=&c=/ 8hTtf1V0TG9P2hiU2qVplhpxDc2zRWiATbqKnj34fdMvCZRyDG/.../AbIcaKdeUXWOaI1UPQj6wF2olFxLT1OKSdEobuTKgwPWAWmsLYn4CLpcRE=&e=0&downloadAs=BeamNG_drive.exe&fallback_url=Fallback URL

http://www.appscleanflash.com/.../AZDmmYkf5vCAFqTp8pUbe9hJz4qIeSFPF0CCittXnhL2x9gqAbUAlcXIxP5A50YS6sjjqTWzaZkshle9yWZXcE11F wuoeWQZXwrt4vC1C2WbxVzq0tOY880xXFWLPLUMe3sTGcw3s=&e=0&downloadAs=BeamNG_drive.exe&fallback_url=Fallback URL

Remove beamng_drive.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.