bedfhgcjcd.exe

ConFirmEd app nln

Part of the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The application bedfhgcjcd.exe by ConFirmEd app nln has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is also typically executed from the user's temporary directory.
Publisher:
ConFirmEd app nln  (signed and verified)

Version:
2015.71.150.64

MD5:
21f6a6e8f43984015a21bcc9cabd492b

SHA-1:
8bafe4745725089575b6149ffebe6322d8ad57c7

SHA-256:
9e5582c71580d4cff7f45e530d679d3a56e16bab28f9e3cc84f0341161d51dc4

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/25/2024 12:06:17 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Outbrowse.ConFirmEdappnln (M)

Engine version:
15.7.1.18

File size:
763 KB (781,352 bytes)

Product version:
2015.71.150.64

Copyright:
Copyright (C) 2015

Original file name:
20157115064.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\bedfhgcjcd.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
6/29/2015 5:00:00 PM

Valid to:
1/27/2016 3:59:59 PM

Subject:
CN=ConFirmEd app nln, O=ConFirmEd app nln, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
17DAA5D17975147F8691E24A0595DA0A

File PE Metadata
Compilation timestamp:
7/1/2015 8:00:15 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:GUmCwEAEfmE03xUo3EvVvG/s6W3rp1JOHzcb4XwnPrDAzj9kqmAMWnpur3/92w0b:GUmFf3hUo0dvG/TGrpHkYb4XCPrDAdkC

Entry address:
0x79A95

Entry point:
E8, 30, AE, 00, 00, E9, 89, FE, FF, FF, CC, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 8B, 73, 08, 33, 35, 90, 3B, 4B, 00, 57, 8B, 06, C6, 45, FF, 00, C7, 45, F4, 01, 00, 00, 00, 8D, 7B, 10, 83, F8, FE, 74, 0D, 8B, 4E, 04, 03, CF, 33, 0C, 38, E8, DF, BB, FF, FF, 8B, 4E, 0C, 8B, 46, 08, 03, CF, 33, 0C, 38, E8, CF, BB, FF, FF, 8B, 45, 08, F6, 40, 04, 66, 0F, 85, 19, 01, 00, 00, 8B, 4D, 10, 8D, 55, E8, 89, 53, FC, 8B, 5B, 0C, 89, 45, E8, 89, 4D, EC, 83, FB, FE, 74, 5F, 8D, 49, 00, 8D, 04, 5B, 8B, 4C...
 

Entropy:
6.6139

Code size:
589.5 KB (603,648 bytes)
