home

BFHP.exe

BeFrugal.com Helper

BeFrugal.com (Capital Intellect Inc.)

The application BFHP.exe by BeFrugal.com (Capital Intellect) has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘BFHP’. This file is typically installed with the program Cash Back Assistant by Capital Intellect Inc. which is a potentially unwanted software program.
Publisher:
Capital Intellect, Inc.  (signed by BeFrugal.com (Capital Intellect Inc.))

Product:
BeFrugal.com Helper

Version:
2013.3.17.9

MD5:
14b87ae7ff052758d718d85e2716e772

SHA-1:
d3ebc348058e7a6dce0ccf6e6e58246d68ae27c5

SHA-256:
93eff1970a95b2cdf1b008c818d01314504ee38d2a59b31e408c50a760512639

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/25/2024 12:56:51 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.BeFrugal (M)
17.1.25.15

File size:
402 KB (411,680 bytes)

Product version:
2013.3.17.9

Copyright:
Copyright © 2011-2013 Capital Intellect, Inc. All Rights Reserved.

Trademarks:
All Rights Reserved. Patents Pending. Capital Intellect, Inc.

Original file name:
BFHP.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\programs\befrugal.com\add-on\2013.3.17.9\bfhp.exe

Digital Signature
Signed by:
BeFrugal.com (Capital Intellect Inc.)

Authority:
Symantec Corporation

Valid from:
12/9/2014 7:00:00 PM

Valid to:
12/9/2017 6:59:59 PM

Subject:
CN=BeFrugal.com (Capital Intellect Inc.), O=BeFrugal.com (Capital Intellect Inc.), L=Boston, S=Massachusetts, C=US, SERIALNUMBER=3324134, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US

Issuer:
CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
07938B222AB6BB2F5FB317364DED4C9F

File PE Metadata
Compilation timestamp:
2/3/2015 8:07:08 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0x1976C

Entry point:
E8, AF, 73, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 60, 9B, 42, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 68, 90, 42, 00, C9, C2, 08, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82...
 
[+]

Entropy:
5.2869

Code size:
156.5 KB (160,256 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
BFHP

Command:
C:\users\{user}\appdata\local\programs\befrugal.com\add-on\2013.3.17.9\bfhp.exe


The file BFHP.exe has been discovered within the following program.

Cash Back Assistant  by Capital Intellect Inc.
Publisher's description - “Get automatic coupon alerts and earn Cash Back at 4000+ top stores. Plus instantly access hundreds of weekly ad flyers, restaurant coupons and more. The BeFrugal.com Toolbar keeps members up to date on Cash Back and coupon alerts.”
www.befrugal.com/addon
About 73% of users remove it
 
Powered by Should I Remove It?

Remove BFHP.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.