home

bedjahieia.exe

starT PlaYInG

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The application bedjahieia.exe by starT PlaYInG has been detected as adware by 17 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. According to AVG, this software downloads additional adware offers during setup. It is also typically executed from the user's temporary directory.
Publisher:
starT PlaYInG  (signed and verified)

Version:
2015.89.00.64

MD5:
477c5360c91c81fb47fc0ed874bb8713

SHA-1:
1f256b5d46732b83a247138507b40a5e95576aca

SHA-256:
915cbc1d9a6a309f149bc6d6a820267ae136f28edb92d0d9ab137c3318dc6eaa

Scanner detections:
17 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
11/16/2024 1:26:03 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.OutBrowse
7.1.1

AhnLab V3 Security
PUP/Win32.OutBrowse
2015.08.09

Avira AntiVirus
PUA/Outbrowse.Gen
8.3.1.6

AVG
Downloader
2016.0.3022

Bkav FE
W32.HfsAdware
1.3.0.7062

Dr.Web
Trojan.OutBrowse.1069
9.0.1.0222

ESET NOD32
Win32/OutBrowse.BX potentially unwanted (variant)
9.12065

G Data
Win32.Adware.Outbrowse
15.8.25

herdProtect (fuzzy)
variant of bedjahifca.exe (Adware)
2015.9.19.8

IKARUS anti.virus
PUA.OutBrowse
t3scan.1.9.5.0

K7 AntiVirus
Adware
13.207.16830

Kaspersky
not-a-virus:HEUR:AdWare.Win32.OutBrowse
14.0.0.1604

NANO AntiVirus
Trojan.Win32.OutBrowse.duxjgb
0.30.24.3079

Panda Antivirus
Trj/Genetic.gen
15.08.10.03

Reason Heuristics
PUP.Outbrowse.starTPlaYInG.Bundler (M)
15.8.10.3

Sophos
OutBrowse Revenyou (PUA)
4.98

VIPRE Antivirus
OutBrowse
42726

File size:
803 KB (822,304 bytes)

Product version:
2015.89.00.64

Copyright:
x

Original file name:
2015890064.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\bedjahieia.exe

Digital Signature
Signed by:
starT PlaYInG

Authority:
thawte, Inc.

Valid from:
6/30/2015 8:00:00 AM

Valid to:
12/12/2015 7:59:59 AM

Subject:
CN=starT PlaYInG, O=starT PlaYInG, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
2E2044E61FEEBFB2FDD3D1020A7E2122

File PE Metadata
Compilation timestamp:
8/9/2015 8:00:19 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:gK1CV6OMo3xJlr90fmUPUiws6AKaZpfnlz2j+WU7BW9jCOWo9x:g7VhMo3/h9EmUPvws6NElCjBU7BW8OWK

Entry address:
0x777E0

Entry point:
E8, E5, AD, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, E0, 47, 49, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 68, 40, 49, 00, C9, C2, 08, 00, B8, 0F, 31, 48, 00, A3, 88, 0F, 4B, 00, C7, 05, 8C, 0F, 4B, 00, 05, 28, 48, 00, C7, 05, 90, 0F, 4B, 00, B9, 27, 48, 00, C7, 05, 94, 0F, 4B, 00, F2, 27, 48, 00, C7, 05...
 
[+]

Code size:
585.5 KB (599,552 bytes)

Remove bedjahieia.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.