home

bit_che_3_5_50_install.exe

Bit Che

Convivea Inc.

The executable bit_che_3_5_50_install.exe, “Bit Che Installer ” has been detected as malware by 7 anti-virus scanners. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from convivea.com.
Publisher:
Convivea Inc.

Product:
Bit Che

Description:
Bit Che Installer

Version:
3.5.50

MD5:
bab43bfe09d990b8dc3472ec5810f7d2

SHA-1:
71b8dee75688944898642a107541f4202cef038a

SHA-256:
8f1f4d4fe9e09d2bd43f2aa0b7ed5fe8153077760899c9be835f9c769865f959

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
11/23/2024 8:50:06 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Kukacka
160414-2

AVG
Win32/Sality
2015.0.4591

Dr.Web
Win32.Sector.30
9.0.1.05190

Emsisoft Anti-Malware
Win32.Sality
16.07.06

ESET NOD32
Win32/Sality.NBA virus
8.0.319.0

F-Prot
W32/Sality.gen2
4.6.5.141

Microsoft Security Essentials
Threat.Undefined
1.225.531.0

File size:
2.5 MB (2,669,304 bytes)

Product version:
3.5 build 50

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\bit_che_3_5_50_install.exe

File PE Metadata
Compilation timestamp:
6/20/1992 3:52:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:u92bJaA9dHOjh9yCKHjunrLByet5v7F1I4jz823AA7et1y37bKt:I2bJaAPQDmjunr1fnv7F1I438c7Dr8

Entry address:
0xA5F8

Entry point:
60, 8D, 35, 41, D7, B9, 29, 0F, CF, B2, 48, 3B, F5, 72, 07, 0F, BA, FA, 7F, F6, C2, 85, 81, FF, 6C, 4C, 00, 00, 73, 0A, 69, ED, 69, DC, 97, 00, 0F, BA, F5, 60, 0F, BA, E9, 73, 0F, A5, DA, 0F, AC, C1, AD, 81, EE, FA, 9E, 00, 00, 0F, AD, C3, F2, 81, C6, E9, 0D, 00, 00, EB, 05, 0F, C1, F8, D1, C1, 68, 21, 42, A6, 00, 53, 0F, BA, E5, 97, C0, CA, D0, 0F, B6, F0, 68, 68, BB, 58, 00, 0F, CF, FE, CB, E8, 25, 00, 00, 00, 81, FA, 85, D1, 00, 00, 74, 08, 00, F0, F7, C1, 5E, 09, 53, 0A, 0F, C1, F6, F6, C5, 23, 81, EA...
 
[+]

Entropy:
7.9849  (probably packed)

Code size:
39.5 KB (40,448 bytes)

The file bit_che_3_5_50_install.exe has been seen being distributed by the following URL.

http://convivea.com/down.php?id=2

Remove bit_che_3_5_50_install.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.