bullguardsetup_ch.exe

NCIS Technologies Ltd.

The application bullguardsetup_ch.exe by NCIS Technologies has been detected as a potentially unwanted program by 12 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. Part of RelevantKnowledge, a program typically installed via a software bundle (with the user's knowledge should they read the EULA) and will run in the background collecting and monitoring information about the user's behavior in order to build an extensive profile.
Publisher:
NCIS Technologies Ltd.  (signed and verified)

MD5:
22acaced18bd49bc3de2962183d3850a

SHA-1:
13ea0e8e0f882d65cde70cfa6195bdb015b89084

SHA-256:
936361230cfd11d448549397f87299fe7e803abd2c815b241fc42c51f14f9903

Scanner detections:
12 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 2:58:50 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Adware.MarketScore
7.1.1

Avira AntiVirus
ADSPY/NaviPromo.J
7.11.91.130

avast!
Win32:PUP-gen [PUP]
2014.9-161006

AVG
RelevantKnowledge
2017.0.2599

Bitdefender
Adware.Relevant.BH
1.0.20.1400

Comodo Security
ApplicUnwnt.Win32.AdWare.RK.~E
16629

Dr.Web
Adware.Relevant.81
9.0.1.0280

Emsisoft Anti-Malware
Adware.Relevant.BH
8.16.10.06.07

ESET NOD32
Win32/Adware.RK.AQ
10.8594

G Data
Adware.Relevant.BH
16.10.22

Malwarebytes
PUP.Adware.RelevantKnowledge
v2016.10.06.07

VIPRE Antivirus
Wajam
19764

File size:
821.2 KB (840,896 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\bullguardsetup_ch.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
12/17/2012 7:00:00 PM

Valid to:
12/18/2013 6:59:59 PM

Subject:
CN=NCIS Technologies Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=NCIS Technologies Ltd., L=New York, S=New York, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
585C0AB9FDA6AAF250B85A01CC89A67D

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:G0my3T5dayO0E6F9MCl+SvKmFwS4hn/043Of0eFrggMlwcdr0zA3yKRdrvaA0:G83T5gzgblFfUn/04+NObdz3THrvh0

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9591

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

Remove bullguardsetup_ch.exe - Powered by Reason Core Security