» BibaApplication.exe
Overview
Analysis
File Details
Behaviors (1)

BibaApplication.exe

Biba Windows Desktop

Biba Systems, Inc

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Bibastage’.

File name:

BibaApplication.exe

Publisher:

Biba (signed by Biba Systems, Inc)

Product:

Biba Windows Desktop

Description:

Bibastage

Version:

3.14.6383.1

MD5:

87a57b714ae256908a94eee30c6d0afa

SHA-1:

851a2882f643379e6dbd483c2777509b8e46d6de

SHA-256:

f9c96a6a45d4722c159fd0aaaa05f3b0c285aed1006a04727f791e05a9f3ebd3

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/23/2024 7:48:04 PM UTC (today)

File size:

6.3 MB (6,654,688 bytes)

Product version:

Biba Application

Biba 2013

Original file name:

BibaApplication.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\roaming\bibastage\bibaapplication.exe

Digital Signature

Signed by:

Biba Systems, Inc

Authority:

GoDaddy.com, Inc.

Valid from:

10/17/2013 5:27:25 AM

Valid to:

10/17/2016 5:27:25 AM

Subject:

CN="Biba Systems, Inc", O="Biba Systems, Inc", L=San Francisco, S=California, C=US

Issuer:

CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

2B74B2249161F7

File PE Metadata

Compilation timestamp:

9/2/2016 9:56:03 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

98304:+NeAh9V0RTylO2bpJXzxaXqJEPDo5yGeBVeaUWF3d:ih9V0R8BxVP5feB7r

Entry address:

0x60180E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.7397

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

6 MB (6,289,920 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Bibastage

Command:

C:\users\{user}\appdata\roaming\bibastage\bibaapplication.exe

Scan BibaApplication.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.