bmasetup.exe

OOO Lega Media

The application bmasetup.exe by OOO Lega Media has been detected as adware by 6 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from update.bmmedia.net.
Publisher:
OOO Lega Media  (signed and verified)

MD5:
a4b18d49a8c14a980582f0ff096aa99c

SHA-1:
27cacdc7d768aa95f989ca4261585f71950de9a4

SHA-256:
8bcf8f4ea69b89be7fddf21faa7326c9b199f71ec920c04f9f56c4e4a8601015

Scanner detections:
6 / 68

Status:
Adware

Analysis date:
11/16/2024 8:26:18 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
APPL/BmMedia.E.1
8.3.1.6

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Adware.Downware.2095
9.0.1.0157

NANO AntiVirus
Riskware.Nsis.Adware.dqadiu
0.30.24.1636

Reason Heuristics
PUP.Installer.OOOLegaMedia
15.6.6.11

Trend Micro House Call
Suspici.6C64B4AC
7.2.157

File size:
1.5 MB (1,595,184 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\bmasetup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/16/2014 8:00:00 PM

Valid to:
6/15/2017 7:59:59 PM

Subject:
CN=OOO Lega Media, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=OOO Lega Media, L=Saint-Petersburg, S=Saint-Petersburg, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
50BBBBFD1DC0231CA78AE1E5F30E0E41

File PE Metadata
Compilation timestamp:
11/27/2013 1:18:53 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
49152:/bausBVJpdLUVh1I4ilWgmCfiYvcJVtuP1yszi4JpFfo0:/baBB3L4+4ilrw3Uoazfo0

Entry address:
0x38DA

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, C0, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 0D, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 84, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, EF, 26, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, DD, 26, 00, 00...
 
[+]

Entropy:
7.9827

Packer / compiler:
Nullsoft install system v2.x

Code size:
28.5 KB (29,184 bytes)

The file bmasetup.exe has been seen being distributed by the following URL.

Remove bmasetup.exe - Powered by Reason Core Security