bitlocker-drives-unlocker.exe

BitLocker Drives Unlocker

AddictiveTips

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘BitLocker Drives Unlocker’. The file has been seen being downloaded from www.winsite.com and multiple other hosts.
Publisher:
AddictiveTips

Product:
BitLocker Drives Unlocker

Version:
1.0.0.0

MD5:
7c3970d524f3fdab58e9f0a33e62642c

SHA-1:
266f7b5968ee3bcb7b5d44b8a1f8eec2ade8623b

SHA-256:
15aa9dd648de6d0dad34406de6439d35f7e1a99f1b67e9c6663b03d4e7ba8d55

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/23/2024 5:55:07 AM UTC  (today)

File size:
207.5 KB (212,480 bytes)

Product version:
1.0.0.0

Copyright:
© AddictiveTips

Original file name:
BLDU.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
8/17/2011 10:21:23 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:5eEQmboiflLKnXGoJCV26zPRluVRy+OKnXGoJCVq6:57pyCV2KC0yCVq

Entry address:
0x2177E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.0147

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
126 KB (129,024 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
BitLocker Drives Unlocker

Command:
C:\apps & movies\movies\downloads\bitlocker-drives-unlocker.exe


The file bitlocker-drives-unlocker.exe has been seen being distributed by the following 3 URLs.

http://www.winsite.com/Utilities/Miscellaneous/BitLocker-Drives-Unlocker/.../588107

http://cloud.addictivetips.com/wp-content/uploads/2011/.../BitLocker-Drives-Unlocker.exe

Scan bitlocker-drives-unlocker.exe - Powered by Reason Core Security