BFHP.exe

BeFrugal.com Helper

BeFrugal.com (Capital Intellect Inc.)

The application BFHP.exe by BeFrugal.com (Capital Intellect) has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is set to execute automatically when any user logs into Windows (through the local user run registry setting) under the name ‘BFHP’. This file is typically installed with the program Cash Back Assistant by Capital Intellect Inc., which is a potentially unwanted software program.

Publisher:
Capital Intellect, Inc. (signed by BeFrugal.com (Capital Intellect Inc.))

Product:
BeFrugal.com Helper

Version:
2013.3.19.3

MD5:
b9124645b63b10328d53b77f22d4434f

SHA-1:
7b68868fdff07483813e09ab212a5d1700d2b27d

SHA-256:
b127a80a5211bf08413c0a2228524bbfec8449bac3cec960df3de657bafa8e06

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/25/2024 12:45:23 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.BeFrugal (M)

Engine version:
16.11.13.7

File size:
406 KB (415,744 bytes)

Product version:
2013.3.19.3

Copyright:
Copyright © 2011-2013 Capital Intellect, Inc. All Rights Reserved.

Trademarks:
All Rights Reserved. Patents Pending. Capital Intellect, Inc.

Original file name:
BFHP.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\common files\befrugal.com\toolbar\bfhp.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
12/9/2014 7:00:00 PM

Valid to:
12/9/2017 6:59:59 PM

Subject:
CN=BeFrugal.com (Capital Intellect Inc.), O=BeFrugal.com (Capital Intellect Inc.), L=Boston, S=Massachusetts, C=US, SERIALNUMBER=3324134, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US

Issuer:
CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
07938B222AB6BB2F5FB317364DED4C9F

File PE Metadata
Compilation timestamp:
5/20/2015 2:17:30 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:J2gm/Rpfi28wQJ0gw/cMtb2gpJ3qrVVo9gzuJm9hY:J2gm/jihA7/1FRpJ3EVVuX

Entry address:
0x1A24C

Entry point:
E8, E2, 73, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 70, 9B, 42, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 68, 90, 42, 00, C9, C2, 08, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82...
 

Entropy:
5.3037

Code size:
159 KB (162,816 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
BFHP

Command:
C:\Program Files\common files\befrugal.com\toolbar\bfhp.exe


The file BFHP.exe has been discovered within the following program.

Cash Back Assistant by Capital Intellect Inc.
Publisher's description - “Get automatic coupon alerts and earn Cash Back at 4000+ top stores. Plus instantly access hundreds of weekly ad flyers, restaurant coupons and more. The BeFrugal.com Toolbar keeps members up to date on Cash Back and coupon alerts.”
www.befrugal.com/addon
About 73% of users remove it
 
Powered by Should I Remove It?
