bedfhegfah.exe

ConFirmEd app nln

Part of the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application bedfhegfah.exe by ConFirmEd app nln has been detected as adware by 8 anti-malware scanners. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities, and other PUPs. It is also typically executed from the user's temporary directory.
Publisher:
ConFirmEd app nln  (signed and verified)

Version:
2015.71.1026.64

MD5:
79635b4f2370f9d90863247a24622538

SHA-1:
4e7c4db10492658871b9e143f273a3de7bc80b30

SHA-256:
817fec93ef79ea6acdab0ec6bf561939e9ce02d9f34a8b952eac7bfdd571faca

Scanner detections:
8 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
2/24/2025 9:03:43 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.07.02 |
| Avira AntiVirus | PUA/Outbrowse.Gen | 8.3.1.6 |
| Baidu Antivirus | Adware.Win32.OutBrowse | 4.0.3.1574 |
| ESET NOD32 | Win32/OutBrowse.CG potentially unwanted (variant) | 9.11872 |
| G Data | Win32.Adware.Outbrowse | 15.7.25 |
| Kaspersky | not-a-virus:HEUR:AdWare.Win32.OutBrowse | 14.0.0.1789 |
| Panda Antivirus | Trj/Genetic.gen | 15.07.04.06 |
| Reason Heuristics | PUP.Outbrowse.ConFirmEdappnln (M) | 15.7.4.6 |

File size:
763 KB (781,352 bytes)

Product version:
2015.71.1026.64

Copyright:
Copyright (C) 2015

Original file name:
201571102664.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\bedfhegfah.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
6/30/2015 9:00:00 AM

Valid to:
1/28/2016 8:59:59 AM

Subject:
CN=ConFirmEd app nln, O=ConFirmEd app nln, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
17DAA5D17975147F8691E24A0595DA0A

File PE Metadata
Compilation timestamp:
7/1/2015 7:26:43 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:PUmCwEAEfmE03xUo3EvVvG/s6W3rp1JOHzcb4XwnPrDAzj9kqmAMWnpur3/s2w09:PUmFf3hUo0dvG/TGrpHkYb4XCPrDAdkD

Entry address:
0x79A95

Entry point:
E8, 30, AE, 00, 00, E9, 89, FE, FF, FF, CC, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 8B, 73, 08, 33, 35, 90, 3B, 4B, 00, 57, 8B, 06, C6, 45, FF, 00, C7, 45, F4, 01, 00, 00, 00, 8D, 7B, 10, 83, F8, FE, 74, 0D, 8B, 4E, 04, 03, CF, 33, 0C, 38, E8, DF, BB, FF, FF, 8B, 4E, 0C, 8B, 46, 08, 03, CF, 33, 0C, 38, E8, CF, BB, FF, FF, 8B, 45, 08, F6, 40, 04, 66, 0F, 85, 19, 01, 00, 00, 8B, 4D, 10, 8D, 55, E8, 89, 53, FC, 8B, 5B, 0C, 89, 45, E8, 89, 4D, EC, 83, FB, FE, 74, 5F, 8D, 49, 00, 8D, 04, 5B, 8B, 4C...
 

Entropy:
6.6139

Code size:
589.5 KB (603,648 bytes)
