bprotection.exe

SIEN S.A.

This is the SIEN AppScion Installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application bprotection.exe by SIEN S.A has been detected as a potentially unwanted program by 13 anti-malware scanners. The program is a setup application that uses the SIEN SuperInstall installer. The file has been seen being downloaded from vzapp.iminent.com.
Publisher:
SIEN S.A.  (signed and verified)

MD5:
7792493ebc16f3f10988f03ff1f60022

SHA-1:
c14c3be7cbb7087866123960dc2e09736f3804fc

SHA-256:
6a768c712fc46069b78e7a2865759d91db1b019dd54e09f65ff3b65bf3ec7c35

Scanner detections:
13 / 68

Status:
Potentially unwanted

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/30/2024 7:54:50 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
Adware/Iminent.AB
7.11.196.126

avast!
Win32:Malware-gen
2014.9-141219

Baidu Antivirus
PUA.Win32.Iminent
4.0.3.141219

Dr.Web
Adware.Downware.8755
9.0.1.0353

ESET NOD32
Win32/Toolbar.Iminent (variant)
8.10893

Fortinet FortiGate
Riskware/Iminent
12/19/2014

G Data
Win32.Trojan.Agent.YAZTJO
14.12.24

IKARUS anti.virus
PUA.Toolbar.Iminent
t3scan.1.8.5.0

Malwarebytes
PUP.Optional.Iminent
v2014.12.19.10

McAfee
Artemis!7792493EBC16
5600.6912

Reason Heuristics
PUP.SIENSA.L
14.12.19.9

Trend Micro House Call
Suspicious_GEN.F47V1111
7.2.353

VIPRE Antivirus
Iminent
35820

File size:
2.5 MB (2,642,192 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
SIEN SuperInstall

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\content.ie5\atony5ji\bprotection.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
5/12/2014 5:20:39 PM

Valid to:
5/13/2015 5:20:39 PM

Subject:
E=support@sien.com, CN=SIEN S.A., O=SIEN S.A., L=Paris, C=FR

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121D12A06D1B366EFC0AF40F74B7D6BFEFE

File PE Metadata
Compilation timestamp:
12/1/2013 5:08:23 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:0qe3UfkLYEx/F0TV9919SodU3jhR4ZFK9FTvlBQzp7:0qCUskeYv9zSo6R8FkFlBk

Entry address:
0x1D728

Entry point:
E8, F0, 57, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 05, FD, FF, FF, C7, 06, E4, 81, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, E4, 81, 42, 00, E9, BA, FD, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, E4, 81, 42, 00, E8, A7, FD, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, D1, C9, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47, 04, 85, C0, 74, 47, 8D, 50, 08, 80, 3A, 00, 74, 3F, 8B, 75, 0C, 8B, 4E, 04, 3B, C1, 74, 14, 83, C1, 08...
 
[+]

Entropy:
7.9193  (probably packed)

Code size:
149.5 KB (153,088 bytes)

The file bprotection.exe has been seen being distributed by the following URL.

Remove bprotection.exe - Powered by Reason Core Security