freeocr___1_10209_ff.exe

Big Bulb Ideas IT Pvt Ltd

The application freeocr___1_10209_ff.exe by Big Bulb Ideas IT Pvt has been detected as adware by 30 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the InstallMonetizer platform which will donwload and install adware toolbars and other potentially unwanted software offers during setup.
Publisher:
Big Bulb Ideas IT Pvt Ltd  (signed and verified)

MD5:
cae28f09c866c8ce95cd4f892e8fb3dd

SHA-1:
f901028bdc8ffb4c3196a7bfb5f7657f7c1fcfd8

SHA-256:
3482aba5dc5f4a3e43d791b77687db85fe887cfc5fa7323d32117a54a4ad1f96

Scanner detections:
30 / 68

Status:
Adware

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
12/25/2024 12:48:11 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
APPL/Downloader.Gen
7.11.202.118

avast!
Win32:Adware-gen [Adw]
2014.9-150325

Baidu Antivirus
PUA.Win32.InstallMonetizer
4.0.3.15325

Dr.Web
Adware.Downware.8749
9.0.1.084

ESET NOD32
Win32/InstallMonetizer.BB
9.11071

herdProtect (fuzzy)
2015.6.30.1

K7 AntiVirus
Trojan
13.191.14674

Malwarebytes
Riskware.Vmdetector
v2015.03.25.06

McAfee
Artemis!7E975B631549
5600.6816

Qihoo 360 Security
HEUR/QVM42.0.Malware.Gen
1.0.0.1015

Reason Heuristics
PUP.Installer.BigBulbIdeasITPvt
15.3.25.6

Rising Antivirus
NS:PUF.SilenceInstaller!1.9DDF
23.00.65.15323

Sophos
Generic PUA MB
4.98

Trend Micro House Call
Suspicious_GEN.F47V0115
7.2.84

VIPRE Antivirus
InstallMonetizer
36766

File size:
584.6 KB (598,656 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\programs\freeocr___1_10209_ff.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/28/2013 1:00:00 AM

Valid to:
11/29/2014 12:59:59 AM

Subject:
CN=Big Bulb Ideas IT Pvt Ltd, O=Big Bulb Ideas IT Pvt Ltd, STREET="C5/1, Road#2, Vikrampuri Colony", L=Secunderabad, S=Andhra Pradesh, PostalCode=500006, C=IN

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00EC052E7D4F74A667E7C16553EE590DBE

File PE Metadata
Compilation timestamp:
12/5/2009 11:52:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:mk69p5EdVplMCB4oFbcqZmDObJd5AJ0eDu1xVCDwrbJd5A81wVC/7:CEdXWCm6KObJd5AJ0X/CDwrbJd5A81uY

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9006

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

Remove freeocr___1_10209_ff.exe - Powered by Reason Core Security