bnd_ar_v9.exe

Beijing ELEX Technology Co.,Ltd

The application bnd_ar_v9.exe by Beijing ELEX Technology Co.,Ltd has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Beijing ELEX Technology Co.,Ltd  (signed and verified)

Version:
2.0.2.2632

MD5:
182f0617578ecc839f030044b3f73255

SHA-1:
bd86c6ccdfadbd1244fde93e9aa09d2a92af46a4

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
1/24/2025 1:30:37 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.ELEX (M)

Engine version:
16.9.28.12

File size:
508.1 KB (520,336 bytes)

Product version:
2.0.2.2632

Copyright:
Copyright NewPack(C) 2013

Original file name:
NewPack.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Local settings\temp\bnd_ar_v9.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
7/26/2013 7:54:20 AM

Valid to:
7/27/2014 7:54:20 AM

Subject:
CN="Beijing ELEX Technology Co.,Ltd", O="Beijing ELEX Technology Co.,Ltd", L=Beijing, S=Beijing, C=CN

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112131F67BDEA1D6D12E11D656C8BE509ECE

File PE Metadata
Compilation timestamp:
10/8/2013 12:30:13 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:evr+yOUqrKq7rGnvlrOj987AAUYOFFnHzVN94Xf:KorH7chcsP7QVVNWv

Entry address:
0x1000

Entry point:
68, 01, 30, 4C, 00, E8, 01, 00, 00, 00, C3, C3, 69, C8, 91, FA, 68, 6A, BF, 04, 52, 50, 48, 9F, BB, 44, F9, 92, 31, 7B, 06, 32, B7, 00, D1, 53, D8, 68, 32, 7D, 6E, 39, 46, 3D, B6, 9D, 51, 01, D9, 96, 0F, FE, 7F, F2, DF, 05, 36, C4, 6B, B8, F0, A4, 72, 24, F4, 4F, DD, B1, 4C, 69, DF, 12, 11, 3C, AE, F7, 24, B9, D3, C8, F4, 2F, 8F, 20, C7, F9, 04, 12, C9, BA, A7, E2, 83, 37, CA, 94, 2F, CA, 98, D3, 51, A1, 37, 08, EF, 6B, 2D, C5, 8E, 05, 0B, 10, BD, 61, 91, 5B, F9, F5, 29, EB, 21, 16, 99, F5, 73, EB, 3F, A8...
 

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
494 KB (505,856 bytes)
