befbfiiffd.exe

bEsT aPp

This file is part of the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application befbfiiffd.exe by bEsT aPp has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is also typically executed from the user's temporary directory.
Publisher:
bEsT aPp  (signed and verified)

MD5:
8c75850b6969fe577934c8dae0f1bcc1

SHA-1:
3ba3c7a21bdd85c6d2693524eb61ebdc9408f8af

SHA-256:
49cb9bd5cc5e1e7cd62500d63ebd28711c7385123ed4665fa42da9f91448222d

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
1/11/2025 11:46:51 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Outbrowse (M)

Engine version:
17.1.5.20

File size:
469.5 KB (480,792 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\befbfiiffd.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
12/14/2015 5:30:00 AM

Valid to:
12/17/2016 5:29:59 AM

Subject:
CN=bEsT aPp, O=bEsT aPp, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
664D723AAEE4E45D91E9AE07011D86E1

File PE Metadata
Compilation timestamp:
1/1/2016 12:31:14 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x35872

Entropy:
6.4191

Code size:
329 KB (336,896 bytes)
