» Bezeq.bclient.exe
Overview
Analysis
File Details
Behaviors (1)

Bezeq.bclient.exe

Bezeq.bclient

Paralert Ltd

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘bcontrol’.

File name:

Bezeq.bclient.exe

Publisher:

Paralert Ltd (signed and verified)

Product:

Bezeq.bclient

Version:

1.0.0.0

MD5:

39eed55a02dde34e070f542e63608df5

SHA-1:

17080d83c9309bcd4dda21ba55efca3115ce2df1

SHA-256:

5d7d6bfe5ebef09e87b79a516047fc7aace83e8d6bf99f4a2f7c25e9b7113782

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/28/2024 2:00:09 AM UTC (today)

File size:

48.4 KB (49,600 bytes)

Product version:

1.0.0.0

Original file name:

Bezeq.bclient.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\bcontrol\bezeq.bclient.exe

Digital Signature

Signed by:

Paralert Ltd

Authority:

COMODO CA Limited

Valid from:

11/27/2015 2:00:00 AM

Valid to:

11/27/2016 1:59:59 AM

Subject:

CN=Paralert Ltd, O=Paralert Ltd, STREET=4 Sitakov Isasscar, L=ramat gan, S=Rehovot, PostalCode=7629406, C=IL

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

28E5C66D26E600792CDEC4714B5687EE

File PE Metadata

Compilation timestamp:

11/19/2016 6:06:11 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

48.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

768:QmeiUezDxkAPKiUB+M6Pz4XJXauET14VxDjU7jOAD9DOv7DBgetiM:8FwFeBh6P8hX21kEnvD9Dg7DBgetiM

Entry address:

0xC982

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 33, 00, 00, 00, 66, 00, 00, 00, 99, 00, 00, 00, CC, 00, 00, 00, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.0778

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

42.5 KB (43,520 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

bcontrol

Command:

"C:\Program Files\bcontrol\bezeq.bclient.exe"

Scan Bezeq.bclient.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.