freeocr___1_10209_ff.exe

Big Bulb Ideas IT Pvt Ltd

The application freeocr___1_10209_ff.exe by Big Bulb Ideas IT Pvt has been detected as adware by 14 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the InstallMonetizer platform which will donwload and install adware toolbars and other potentially unwanted software offers during setup.
Publisher:
Big Bulb Ideas IT Pvt Ltd  (signed and verified)

MD5:
259b7fa6df1cd913a4df2b0fd5256e19

SHA-1:
2badfaf26e00ae45c832bca3ac60c341d17f64ba

SHA-256:
561c2022e81abd7d1494157fd42b4130944681bd57d4032e9c567bf533f7b4b4

Scanner detections:
14 / 68

Status:
Adware

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
12/25/2024 1:30:53 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
APPL/Downloader.Gen
7.11.210.156

Baidu Antivirus
PUA.Win32.InstallMonetizer
4.0.3.15328

Dr.Web
Threat.Undefined
9.0.1.087

ESET NOD32
Win32/InstallMonetizer.BB potentially unwanted application
9.7.0.302.0

herdProtect (fuzzy)
2015.7.3.1

K7 AntiVirus
Trojan
13.194.14970

Malwarebytes
Riskware.Vmdetector
v2015.03.28.10

McAfee
Trojan.Artemis!841022AAD40A
5600.6813

Qihoo 360 Security
HEUR/QVM42.0.Malware.Gen
1.0.0.1015

Reason Heuristics
PUP.Installer.BigBulbIdeasITPvt
15.3.28.11

Rising Antivirus
NS:PUF.SilenceInstaller!1.9DDF
23.00.65.15326

Sophos
AppMonetizer Installer
4.98

Trend Micro House Call
Suspici.44A95FC4
7.2.87

VIPRE Antivirus
Threat.4786532
37588

File size:
581.1 KB (595,008 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\freeocr___1_10209_ff.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/28/2013 12:00:00 AM

Valid to:
11/28/2014 11:59:59 PM

Subject:
CN=Big Bulb Ideas IT Pvt Ltd, O=Big Bulb Ideas IT Pvt Ltd, STREET="C5/1, Road#2, Vikrampuri Colony", L=Secunderabad, S=Andhra Pradesh, PostalCode=500006, C=IN

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00EC052E7D4F74A667E7C16553EE590DBE

File PE Metadata
Compilation timestamp:
12/5/2009 10:52:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:8crpp5EdVplMCB4yjvykwGYpgDvfODu1iVCJZrbJd5A81wVC/h:b9EdXWCmO69sbfHgCJZrbJd5A81uC/h

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.8993

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

Remove freeocr___1_10209_ff.exe - Powered by Reason Core Security