befrgl.exe

BeFrugal.com Toolbar

Capital Intellect Inc

The application befrgl.exe, “BeFrugal.com Toolbar Broker” by Capital Intellect Inc has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “BeFrugal.com Toolbar Broker”.
Publisher:
Capital Intellect, Inc.  (signed by Capital Intellect Inc)

Product:
BeFrugal.com Toolbar

Description:
BeFrugal.com Toolbar Broker

Version:
2012.1.11.1

MD5:
6d4c4da76c09695f0de5db6498da6db4

SHA-1:
93cfa8b74fd58c004919375f448110c68e0286d5

SHA-256:
a77391ab51bdaeb352d06768b99a8bb9cfc69b8004028662ad447c82e4bc7937

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 7:08:24 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Win32.Generic
16.8.28.14

File size:
324.4 KB (332,184 bytes)

Product version:
2012.1.11.1

Copyright:
Copyright © 2011 Capital Intellect, Inc. All Rights Reserved.

Trademarks:
All Rights Reserved. Patents Pending. Capital Intellect, Inc.

Original file name:
befrgl.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\common files\befrugal.com\toolbar\befrgl.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/19/2011 8:00:00 PM

Valid to:
7/20/2014 7:59:59 PM

Subject:
CN=Capital Intellect Inc, OU=Winferno Software, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Capital Intellect Inc, L=Boston, S=Massachusetts, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
197FCA08FE62EEB9A434DA3987E23171

File PE Metadata
Compilation timestamp:
5/17/2012 2:30:29 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:oIWA38+SnW9vH7Ied2UcydbKWQ7rgfyIk9iR5OWyXYKM6qy:onU8+Snaced2U/bLQ7rgfyjK6qy

Entry address:
0x28CC2

Entry point:
E8, 7F, A9, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, 78, 9D, 44, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, 7C, 9D, 44, 00, 5D, C3, 05, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8, 1B, C0, 23, C1, 83, C0, 08, 5D, C3, E8, A4, 42, 00, 00, 85, C0, 75, 06, B8, E0, 9E, 44, 00, C3, 83, C0, 08, C3, E8, 91, 42, 00, 00, 85, C0, 75, 06, B8, E4, 9E, 44, 00, C3, 83, C0, 0C, C3, 8B, FF, 55, 8B, EC, 56, E8, E2, FF, FF, FF, 8B, 4D, 08...
 
[+]

Entropy:
6.5213

Code size:
241 KB (246,784 bytes)

Service
Display name:
BeFrugal.com Toolbar Broker

Type:
Win32OwnProcess

Depends on:
RPCSS


Remove befrgl.exe - Powered by Reason Core Security