bmicalculatorsetup_ch.exe

NCIS Technologies Ltd.

The application bmicalculatorsetup_ch.exe by NCIS Technologies has been detected as a potentially unwanted program by 15 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. Part of RelevantKnowledge, a program typically installed via a software bundle (with the user's knowledge should they read the EULA) and will run in the background collecting and monitoring information about the user's behavior in order to build an extensive profile.
Publisher:
NCIS Technologies Ltd.  (signed and verified)

MD5:
9baa7c9f9333b646601e1eea9874070d

SHA-1:
3f505ed486385c4799b7323e274d1afedf07324a

SHA-256:
43229c6a8ded25e630fc68971b617d967eb9d0118a19c1a49d7e42dc01074db3

Scanner detections:
15 / 68

Status:
Potentially unwanted

Analysis date:
11/6/2024 12:26:46 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Adware.MarketScore
7.1.1

Avira AntiVirus
ADSPY/NaviPromo.J
7.11.59.186

avast!
Win32:PUP-gen [PUP]
2014.9-170107

AVG
RelevantKnowledge
2018.0.2505

Bitdefender
Adware.Relevant.BH
1.0.20.35

Comodo Security
ApplicUnwnt.Win32.AdWare.RK.~E
15168

Dr.Web
Adware.Relevant.81
9.0.1.07

Emsisoft Anti-Malware
Adware.Relevant.BH
8.17.01.07.06

ESET NOD32
Win32/Adware.MarketScore
11.7970

Fortinet FortiGate
Adware/Marketscore
1/7/2017

F-Secure
Adware.Relevant.BH
11.2017-07-01_7

G Data
Adware.Relevant.BH
17.1.22

MicroWorld eScan
Adware.Relevant.BH
18.0.0.21

nProtect
Adware.Relevant.BH
13.02.05.01

VIPRE Antivirus
InfoAtoms
15390

File size:
639.5 KB (654,856 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\bmicalculatorsetup_ch.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
12/17/2012 7:00:00 PM

Valid to:
12/18/2013 6:59:59 PM

Subject:
CN=NCIS Technologies Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=NCIS Technologies Ltd., L=New York, S=New York, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
585C0AB9FDA6AAF250B85A01CC89A67D

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9643

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

Remove bmicalculatorsetup_ch.exe - Powered by Reason Core Security