billybob.exe

Media Contact LLC

The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from z.gametop.com and multiple other hosts.
Publisher:
Media Contact LLC

Description:
Billy Bob Setup

MD5:
79a45505d2f1da071b29fa30dee70eb8

SHA-1:
1a717595703530fbba40ae8206cc0307d4b5fc3f

SHA-256:
7145e9e439416aa9f5651984fb6473f9afe8aa01552b7c15e238b8d550a78d3f

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/24/2024 5:15:35 PM UTC  (today)

File size:
6.7 MB (7,028,454 bytes)

Copyright:
Copyright (C) Media Contact LLC

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
English (United States)

Common path:
C:\users\{user}\downloads\billybob.exe

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:1y0+7H7M831ZPImJC6VsRh2vac2sOGvswFUxKMAymT7:j+7gq1ZPImJzpvr2sOaagymT7

Entry address:
0x98BC

Entry point:
55, 8B, EC, 83, C4, CC, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 0A, 98, FF, FF, E8, 11, AA, FF, FF, E8, 3C, CC, FF, FF, E8, 83, CC, FF, FF, E8, 0A, F3, FF, FF, E8, 71, F4, FF, FF, 33, C0, 55, 68, 66, 9F, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 1C, 9F, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, B0, 40, 00, E8, 9B, FE, FF, FF, E8, 26, FA, FF, FF, 8D, 55, F0, 33, C0, E8, FC, D0, FF, FF, 8B, 55, F0, B8, D4, BD, 40, 00, E8, BB, 98, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, D4, BD, 40, 00, B2, 01, B8...
 
[+]

Entropy:
7.9994

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
36 KB (36,864 bytes)

The file billybob.exe has been discovered within the following program.

Some versions of COWON Media Center bundles a branded version of the Conduit Toolbar, which delivers search based advertising and results. During installation the user is presented in some cases with the option to install the toolbar.
www.cowonamerica.com
30% remove it
 
Powered by Should I Remove It?

The file billybob.exe has been seen being distributed by the following 2 URLs.

Scan billybob.exe - Powered by Reason Core Security