bedefcajea.exe

GReaT APpS TLD

bedefcajea.exe is part of the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application bedefcajea.exe by GReaT APpS TLD has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is also typically executed from the user's temporary directory.
Publisher:
GReaT APpS TLD  (signed and verified)

Version:
2015.617.60.64

MD5:
59c315f7f063383935797fca12644eeb

SHA-1:
ea790990adc2935c7c1b6abad476cc4d711c0270

SHA-256:
3e8701095e88b2a8ba06b8a6b0366b98acf30422272da81acd313e6283849115

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
1/14/2025 10:54:44 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Outbrowse (M)

Engine version:
16.8.7.16

File size:
857 KB (877,608 bytes)

Product version:
2015.617.60.64

Copyright:
Copyright (C) 2015

Original file name:
20156176064.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\bedefcajea.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
6/16/2015 5:00:00 AM

Valid to:
1/28/2016 4:59:59 AM

Subject:
CN=GReaT APpS TLD, O=GReaT APpS TLD, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
2D0DF6C6522305B46916D698ABC531FB

File PE Metadata
Compilation timestamp:
6/17/2015 11:00:17 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:sS8QHwgL28IA3zAy1xR7eyy4xgOC9mbN5:scL28pTFA4xzC9mp5

Entry address:
0x8FE15

Entry point:
E8, 80, AE, 00, 00, E9, 89, FE, FF, FF, CC, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 8B, 73, 08, 33, 35, 90, AB, 4C, 00, 57, 8B, 06, C6, 45, FF, 00, C7, 45, F4, 01, 00, 00, 00, 8D, 7B, 10, 83, F8, FE, 74, 0D, 8B, 4E, 04, 03, CF, 33, 0C, 38, E8, EF, BC, FF, FF, 8B, 4E, 0C, 8B, 46, 08, 03, CF, 33, 0C, 38, E8, DF, BC, FF, FF, 8B, 45, 08, F6, 40, 04, 66, 0F, 85, 19, 01, 00, 00, 8B, 4D, 10, 8D, 55, E8, 89, 53, FC, 8B, 5B, 0C, 89, 45, E8, 89, 4D, EC, 83, FB, FE, 74, 5F, 8D, 49, 00, 8D, 04, 5B, 8B, 4C...
 

Entropy:
6.5728

Code size:
681 KB (697,344 bytes)
