» easybcd.exe
Overview
Analysis
File Details
Behaviors (1)
Downloads (26)

easybcd.exe

QuickEngine

TLAPIA

The application easybcd.exe, “This installer database contains the logic and data required to install QuickEngine.” by TLAPIA has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘C:\Users\Franco\Downloads\easybcd (1).exe’.

File name:

easybcd.exe

Publisher:

TLAPIA (signed and verified)

Product:

QuickEngine

Description:

This installer database contains the logic and data required to install QuickEngine.

Version:

1.0.1

MD5:

5cd1af0b264906e2ba3cb432f235b3c5

SHA-1:

8caa34fb541f1ee4c33adf2ded58414c3cd02893

SHA-256:

9aae8b2d8cac38ca0809a0ea2c6b57d5f629bd44c7ae3adb8318277a492e6e1c

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

11/23/2024 9:51:46 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.TLAPIA.Installer (M)

16.3.7.12

File size:

4.6 MB (4,860,600 bytes)

Product version:

1.0.1

Original file name:

tlp_downloader.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\easybcd.exe

Digital Signature

Signed by:

TLAPIA

Authority:

VeriSign, Inc.

Valid from:

1/22/2013 12:00:00 AM

Valid to:

1/22/2014 11:59:59 PM

Subject:

CN=TLAPIA, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=TLAPIA, L=Montevideo, S=montevideo, C=UY

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

59F70BE7091286E5251B02778D136FF2

File PE Metadata

Compilation timestamp:

2/4/2013 2:41:15 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

98304:jiUAz/423/F89AHGp5uLCN30qoF3XcZvwaW7s00rG5zPTYeAGDSwE1sdRv+:jiM2tM5uLC50B2ZvwaWErGhPiVIRv+

Entry address:

0xB01B9

Entry point:

E8, A8, C9, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 56, 8B, F0, 33, DB, 3B, F3, 75, 1E, E8, 00, 48, 00, 00, 6A, 16, 5E, 53, 53, 53, 53, 53, 89, 30, E8, CB, EB, FF, FF, 83, C4, 14, 8B, C6, E9, C2, 00, 00, 00, 57, 39, 5D, 0C, 77, 1E, E8, DC, 47, 00, 00, 6A, 16, 5E, 53, 53, 53, 53, 53, 89, 30, E8, A7, EB, FF, FF, 83, C4, 14, 8B, C6, E9, 9D, 00, 00, 00, 33, C0, 39, 5D, 14, 66, 89, 06, 0F, 95, C0, 40, 39, 45, 0C, 77, 09, E8, AD, 47, 00, 00, 6A, 22, EB, CF, 8B, 45, 10, 83, C0, FE, 83, F8, 22, 77... 
[+]

Entropy:

7.2928

Code size:

910.5 KB (932,352 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

C:\users\{user}\downloads\easybcd.exe

Command:

"C:\users\{user}\downloads\easybcd.exe" \exenoupdates \exelang 0 \prereqs "0,1"

The file easybcd.exe has been seen being distributed by the following 26 URLs.

http://www.instant-dl.com/.../windows-live-messenger-file.exe

http://www.instant-dl.com/.../openoffice-file.exe

http://www.instant-dl.com/.../samsung-kies-file.exe

http://www.instant-dl.com/.../outlook-file.exe

http://www.instant-dl.com/.../flash-player-file.exe

http://www.instant-dl.com/.../teamviewer-file.exe

http://www.instant-dl.com/.../age-of-empires-iii-file.exe

http://www.instant-dl.com/.../java-file.exe

http://www.instant-dl.com/wwe-raw-file.exe

http://www.instant-dl.com/.../sumotori-dreams-file.exe

http://www.instant-dl.com/.../skype-file.exe

http://www.instant-dl.com/.../pale-moon-file.exe

http://www.instant-dl.com/.../cacaoweb-file.exe

http://www.instant-dl.com/.../code-de-la-route-file.exe

http://www.instant-dl.com/.../vuze-file.exe

http://www.instant-dl.com/.../skype-file.exe

http://www.instant-dl.com/.../ccleaner-file.exe

http://www.instant-dl.com/.../photoshop-file.exe

http://www.instant-dl.com/.../samsung-kies-file.exe

http://www.instant-dl.com/.../avant-browser-file.exe

http://www.instant-dl.com/.../skype-file.exe

http://www.instant-dl.com/.../pdfcreator-file.exe

http://www.instant-dl.com/.../pulse-file.exe

http://www.instant-dl.com/.../regclean-pro-file.exe

http://www.instant-dl.com/.../windows-media-player-file.exe

http://www.instant-dl.com/.../minecraft-file.exe

Remove easybcd.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.