beddigcaig.exe

Click to StArt

beddigcaig.exe is part of the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and may be installed without consent. The application, published by Click to StArt, has been detected as adware by 10 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup. It is typically executed from the user's temporary directory.

Publisher:
Click to StArt  (signed and verified)

Version:
2015.69.150.64

MD5:
6c76cafb66632dd6a597f497c6e1d16c

SHA-1:
2039da0c7a2a92a052f4b9467887aca0f3008802

SHA-256:
f4907555e62a6d0e5b00aef572aafa8cdc6ac07d9f196359e9cf29d4d7942a33

Scanner detections:
10 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/23/2024 7:45:31 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | PUA/Outbrowse.Gen | 8.3.1.6 |
| avast! | Win32:OutBrowse-AE [PUP] | 2014.9-150610 |
| AVG | Downloader | 2016.0.3083 |
| Baidu Antivirus | Adware.Win32.OutBrowse | 4.0.3.1569 |
| Dr.Web | Trojan.OutBrowse.512 | 9.0.1.0161 |
| ESET NOD32 | Win32/OutBrowse.BZ potentially unwanted application | 7.0.302.0 |
| G Data | Win32.Adware.Outbrowse | 15.6.25 |
| Reason Heuristics | PUP.Outbrowse.ClicktoStArt | 15.6.9.17 |
| Sophos | PUA 'OutBrowse Revenyou' | 5.15 |
| VIPRE Antivirus | Threat.4784459 | 40786 |

File size:
1.2 MB (1,223,720 bytes)

Product version:
2015.69.150.64

Copyright:
Copyright (C) 2015

Original file name:
20156915064.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\beddigcaig.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
6/8/2015 1:00:00 AM

Valid to:
12/18/2015 12:59:59 AM

Subject:
CN=Click to StArt, O=Click to StArt, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
39A49760E2AEE5BC52781521EC87DBCB

File PE Metadata
Compilation timestamp:
6/9/2015 4:00:13 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:dcFlRDaQnXnef0dMXDZcK5aecJl+8Xdo5butH2LF8xehcrYt1:2FLnXef0KTez+8NEbtB8xKcrYt1

Entry address:
0xD991F

Entry point:
E8, 36, AE, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 8B, 73, 08, 33, 35, 5C, E2, 51, 00, 57, 8B, 06, C6, 45, FF, 00, C7, 45, F4, 01, 00, 00, 00, 8D, 7B, 10, 83, F8, FE, 74, 0D, 8B, 4E, 04, 03, CF, 33, 0C, 38, E8, 92, B0, FF, FF, 8B, 4E, 0C, 8B, 46, 08, 03, CF, 33, 0C, 38, E8, 82, B0, FF, FF, 8B, 45, 08, F6, 40, 04, 66, 0F, 85, 19, 01, 00, 00, 8B, 4D, 10, 8D, 55, E8, 89, 53, FC, 8B, 5B, 0C, 89, 45, E8, 89, 4D, EC, 83, FB, FE, 74, 5F, 8D, 49...
 

Entropy:
6.2964

Code size:
986 KB (1,009,664 bytes)
