bflix.exe

Setup

WEB PICK - INTERNET HOLDINGS LTD

This is a WebPick installer that bundles (with very minimal user consent) a number of adware browser extensions which inject ads in the browser. The application bflix.exe by WEB PICK - INTERNET HOLDINGS has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from www.premiumsoft.info.
Publisher:
Premium  (signed by WEB PICK - INTERNET HOLDINGS LTD)

Product:
Setup

Description:
Installer

Version:
2011.10.25.2323

MD5:
a163d6ab30852a93e728cd0b279f8135

SHA-1:
49c1fe1a67d70af0ae121921ee9493c782287c53

SHA-256:
3cdc0549855bb65f3d135a3cee93f8a091c0d4a6ac91f721d3494073c7c5a271

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/6/2024 2:26:31 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.WebPick.WEBPICKINTERNETHOLDINGS.Installer (M)
16.2.24.0

File size:
232.6 KB (238,232 bytes)

Product version:
1.0

Copyright:
Copyright © 2010 Premium

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\bflix.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
3/23/2011 8:00:00 AM

Valid to:
3/23/2012 7:59:59 AM

Subject:
CN=WEB PICK - INTERNET HOLDINGS LTD, O=WEB PICK - INTERNET HOLDINGS LTD, L=Ramat Hasharon, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
5EAC6DE3D7E9F2DD8E3EDA0B72C306CA

File PE Metadata
Compilation timestamp:
10/24/2011 3:20:40 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
3072:2H6yI+RoRLRQZv5D+0MiMW6apXIISyd7J+mLHBW1Lc9Nyr6h/wl2ubuMhEC8RBNM:2V2Ul5i0Mm6aQc6UeYbu/hK6AcEcgtY

Entry address:
0x14AE

Entry point:
55, 8B, EC, 81, EC, 24, 0A, 00, 00, 53, 56, 33, F6, 57, 66, 89, B5, DC, F5, FF, FF, 89, 75, F4, 89, 75, FC, FF, 15, 68, 30, 40, 00, A3, 00, 40, 40, 00, FF, 15, 64, 30, 40, 00, 89, 45, F8, 68, 04, 01, 00, 00, 8D, 85, EC, FD, FF, FF, 50, 56, FF, 15, 60, 30, 40, 00, 85, C0, 75, 22, FF, 15, 5C, 30, 40, 00, 50, 68, B8, 33, 40, 00, E8, 77, FB, FF, FF, 59, 59, C7, 05, 04, 40, 40, 00, FF, 00, 00, 00, E9, F7, 01, 00, 00, 56, FF, 15, 58, 30, 40, 00, 8B, 48, 3C, 03, C8, 66, 81, 38, 4D, 5A, 0F, 85, BC, 01, 00, 00, 81...
 
[+]

Entropy:
7.9408

Developed / compiled with:
Microsoft Visual C++

Code size:
7.5 KB (7,680 bytes)

The file bflix.exe has been seen being distributed by the following URL.

Remove bflix.exe - Powered by Reason Core Security