f_0000ec

Big Bulb Ideas IT Pvt Ltd

The file f_0000ec by Big Bulb Ideas IT Pvt has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the InstallMonetizer platform which will donwload and install adware toolbars and other potentially unwanted software offers during setup.
Publisher:
Big Bulb Ideas IT Pvt Ltd  (signed and verified)

MD5:
bcdbbe3cb71b231425354f7e431b0827

SHA-1:
9829f3beed39888f93b75f0fad09933669766c58

SHA-256:
a48092934a2ccb157aac4d3ec8ca19e8085860724998fe9ffd7a490023e7470d

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
11/5/2024 1:53:35 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
APPL/Downloader.Gen
7.11.210.88

Baidu Antivirus
PUA.Win32.InstallMonetizer
4.0.3.15215

Dr.Web
Threat.Undefined
9.0.1.05190

ESET NOD32
Win32/InstallMonetizer.BB potentially unwanted application
7.0.302.0

K7 AntiVirus
Trojan
13.194.14970

Malwarebytes
Riskware.Vmdetector
v2015.02.15.11

McAfee
Trojan.Artemis!841022AAD40A
16.8.708.2

Qihoo 360 Security
HEUR/QVM42.0.Malware.Gen
1.0.0.1015

Reason Heuristics
PUP.BigBulbIdeasITPvt
15.2.15.23

Rising Antivirus
NS:PUF.SilenceInstaller!1.9DDF
23.00.65.15213

Sophos
AppMonetizer Installer
4.98

Trend Micro House Call
Suspici.44A95FC4
7.2.46

VIPRE Antivirus
Threat.4786532
37588

File size:
581.1 KB (595,008 bytes)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\google\chrome\user data\default\cache\f_0000ec

Digital Signature
Authority:
COMODO CA Limited

Subject:
CN=Big Bulb Ideas IT Pvt Ltd, O=Big Bulb Ideas IT Pvt Ltd, STREET="C5/1, Road#2, Vikrampuri Colony", L=Secunderabad, S=Andhra Pradesh, PostalCode=500006, C=IN

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00EC052E7D4F74A667E7C16553EE590DBE

File PE Metadata
Compilation timestamp:
12/6/2009 9:22:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:Tcrpp5EdVplMCB4yjvykwGYpgDvfODu1iVCJZrbJd5A81wVC/v:Q9EdXWCmO69sbfHgCJZrbJd5A81uC/v

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.8993

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

Remove f_0000ec - Powered by Reason Core Security