f_004e0a

Big Bulb Ideas IT Pvt Ltd

The file f_004e0a by Big Bulb Ideas IT Pvt Ltd has been detected as adware by 12 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the InstallMonetizer platform, which downloads and installs adware toolbars and other potentially unwanted software offers during setup.
Publisher:
Big Bulb Ideas IT Pvt Ltd (signed and verified)

MD5:
a651b736618996300c9b22fdd2263a05

SHA-1:
ef9d8c1351e75ba93b68d6e1e996c4460fec7877

SHA-256:
61672a2034701c6d0d3108bfa4d2db9fc255c6deace88986e4f7aa3bfd7ed130

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
11/5/2024 1:36:10 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | APPL/Downloader.Gen | 7.11.212.6
Baidu Antivirus | PUA.Win32.InstallMonetizer | 4.0.3.15222
Dr.Web | Adware.Downware.8749 | 9.0.1.053
ESET NOD32 | Win32/InstallMonetizer.BB potentially unwanted | 9.11215
K7 AntiVirus | Trojan | 13.197.15043
McAfee | Artemis!A651B7366189 | 5600.6846
NANO AntiVirus | Riskware.Nsis.Downware.dnxngr | 0.30.0.296
Qihoo 360 Security | HEUR/QVM42.0.Malware.Gen | 1.0.0.1015
Reason Heuristics | PUP.BigBulbIdeasITPvt | 15.2.22.16
Rising Antivirus | NS:PUF.SilenceInstaller!1.9DDF | 23.00.65.15220
Trend Micro House Call | Suspicious_GEN.F47V0219 | 7.2.53
VIPRE Antivirus | InstallMonetizer | 37794

File size:
422.4 KB (432,536 bytes)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\google\chrome\user data\default\cache\f_004e0a

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/27/2013 6:00:00 PM

Valid to:
11/28/2014 5:59:59 PM

Subject:
CN=Big Bulb Ideas IT Pvt Ltd, O=Big Bulb Ideas IT Pvt Ltd, STREET="C5/1, Road#2, Vikrampuri Colony", L=Secunderabad, S=Andhra Pradesh, PostalCode=500006, C=IN

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00EC052E7D4F74A667E7C16553EE590DBE

File PE Metadata
Compilation timestamp:
12/5/2009 4:52:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:V1Pp5EdVplMCB40ioRSWpgpGeg00DuUbJd5A8K:jEdXWCm0ioEpGX0cbJd5A8K

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.8393

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
