beamrise.exe

Beamrise

SIEN S.A.

The application beamrise.exe by SIEN S.A. has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is set to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘Beamrise’.
Publisher:
The Beamrise Authors  (signed by SIEN S.A.)

Product:
Beamrise

Version:
27.3.0.5964

MD5:
207f6c22788be1da2a4c7552fa043206

SHA-1:
eaa9da430335b09e05423b223a8e7da1890fcca5

SHA-256:
c6d69efe8a60ddebefe79addd7652d3e0b15de3aeb77893f20f588523e483cb0

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/27/2024 2:05:08 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Startup.SIENSA.I

Engine version:
14.2.25.5

File size:
1.5 MB (1,539,392 bytes)

Product version:
27.3.0.5964

Copyright:
Copyright 2013 The Beamrise Authors. All rights reserved.

Original file name:
chrome.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\beamrise\application\beamrise.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
8/22/2012 1:00:00 AM

Valid to:
8/23/2014 12:59:59 AM

Subject:
CN=SIEN S.A., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=SIEN S.A., L=Paris, S=France, C=FR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
514EA00D30C8C244C3E818890BF73967

File PE Metadata
Compilation timestamp:
9/4/2013 7:03:14 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:4ZQbO2IWJn533fNLvInztu/CxUlbLua3gE+sD:WQbGu3v+nxuB6sD

Entry address:
0x4DAD1


Entropy:
6.4795

Code size:
425.5 KB (435,712 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Beamrise

Command:
"C:\users\{user}\appdata\local\beamrise\application\beamrise.exe" --no-startup-window --auto-launch-at-startup --profile-directory="default"


The executing file has been seen to make the following network communications in live environments.

