bedeaacfdf.exe

Safe SoFtwaRe SLL

This file is part of the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application bedeaacfdf.exe by Safe SoFtwaRe SLL has been detected as adware by 12 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup. It is also typically executed from the user's temporary directory.
Publisher:
Safe SoFtwaRe SLL  (signed and verified)

Version:
2015.611.60.64

MD5:
c36dc100a3219b2fab4b6a2fa98c3ee9

SHA-1:
5f5641dc24b4e2de44dc658ee9fb72c9e235bc45

SHA-256:
b7240279a87ee7cf48085a28af90bbfcca9de867fe596ec2464268c4b82f54f1

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/23/2024 10:03:40 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | PUA.OutBrowse | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.06.15 |
| Avira AntiVirus | PUA/Outbrowse.Gen | 8.3.1.6 |
| AVG | Downloader | 2016.0.2995 |
| Baidu Antivirus | Adware.Win32.OutBrowse | 4.0.3.1596 |
| Dr.Web | Trojan.OutBrowse.835 | 9.0.1.0249 |
| ESET NOD32 | Win32/OutBrowse.BZ potentially unwanted application | 9.7.0.302.0 |
| F-Secure | Adware.Eorezo.BZ | 11.2015-06-09_1 |
| G Data | Win32.Adware.Outbrowse | 15.9.25 |
| herdProtect (fuzzy) | | 2015.9.6.9 |
| Panda Antivirus | Trj/Genetic.gen | 15.09.06.09 |
| Reason Heuristics | PUP.Outbrowse.SafeSoFtwaReL (M) | 15.8.1.17 |

File size:
1.1 MB (1,152,552 bytes)

Product version:
2015.611.60.64

Copyright:
Copyright (C) 2015

Original file name:
20156116064.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\bedeaacfdf.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
6/8/2015 7:00:00 AM

Valid to:
1/28/2016 6:59:59 AM

Subject:
CN=Safe SoFtwaRe SLL, O=Safe SoFtwaRe SLL, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
52AFA5F1935666802D8027958B8700E2

File PE Metadata
Compilation timestamp:
6/11/2015 1:00:15 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:dGDDfrDzNMiQ3Ka5qaYUynj0g3KM7izNXr0pSLHfxzv8Dlo:2DfrDzNMibaPIj577iBApOHfNv8Dlo

Entry address:
0x38670

Entry point:
E8, 55, AD, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 90, 98, 4E, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 68, 90, 4E, 00, C9, C2, 08, 00, B8, 0F, 3F, 44, 00, A3, 88, 5F, 50, 00, C7, 05, 8C, 5F, 50, 00, 05, 36, 44, 00, C7, 05, 90, 5F, 50, 00, B9, 35, 44, 00, C7, 05, 94, 5F, 50, 00, F2, 35, 44, 00, C7, 05...
 

Entropy:
6.3322

Code size:
927.5 KB (949,760 bytes)
