freeocr___1_10209_gc.exe

Big Bulb Ideas IT Pvt Ltd

The application freeocr___1_10209_gc.exe, published by Big Bulb Ideas IT Pvt Ltd, has been detected as adware by 14 of 68 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the InstallMonetizer platform, which downloads and installs adware toolbars and other potentially unwanted software offers during setup. Note that the file carries a valid code signature issued to the publisher; a verified Authenticode signature says who signed the package, not whether it bundles unwanted offers.
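The following Python triage script is an added example and is not part of the original report, nor code from Big Bulb Ideas or Reason Core Security. It recomputes the three hashes listed on this page and compares them with the reported values, computes Shannon entropy (the report's 7.9012 is close to the 8.0 maximum, which is what a compressed NSIS data block looks like), and locates the NSIS first header by its magic bytes (little-endian 0xDEADBEEF followed by the string NullsoftInst). The SAMPLE bytes are constructed for offline testing and are not the installer; the function names are the example's own.

```python
"""Offline triage helpers for an NSIS-based installer (added example)."""
import hashlib
import math
from collections import Counter

# Hashes listed in the report for freeocr___1_10209_gc.exe.
REPORTED_HASHES = {
    "md5": "7221cbac394df24c6972911f541af60e",
    "sha1": "56c6054b75090be9e618dcbd7c433ae0961b46f5",
    "sha256": "c1dcf28cc7cea9068f18b261940d89258b53423d57a4478670d113fc0b4ee1f8",
}

# NSIS "first header" magic: 0xDEADBEEF (little-endian on disk) + "NullsoftInst".
NSIS_MAGIC = b"\xef\xbe\xad\xde" + b"NullsoftInst"


def file_hashes(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of the bytes, as lowercase hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data: bytes, reported=REPORTED_HASHES) -> bool:
    """True only if every listed hash agrees; any mismatch means a different file."""
    actual = file_hashes(data)
    return all(actual[alg] == digest.lower() for alg, digest in reported.items())


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant stream, 8.0 for uniform bytes.
    Values near 8 (the report shows 7.9012) indicate compressed or packed payload."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def find_nsis_header(data: bytes):
    """Byte offset of the NSIS first header, or None if the magic is absent.
    The NSIS data block follows the PE stub, so the whole file is searched."""
    idx = data.find(NSIS_MAGIC)
    return idx if idx >= 0 else None


def triage(data: bytes) -> dict:
    """Summarise one file's bytes the way the report's metadata block does."""
    return {
        "size": len(data),
        "hashes": file_hashes(data),
        "matches_report": matches_report(data),
        "entropy": round(shannon_entropy(data), 4),
        "nsis_header_offset": find_nsis_header(data),
    }


# Constructed sample (not the real installer): an MZ-prefixed stub followed by
# an NSIS first-header magic, so the helpers can be exercised offline.
SAMPLE = b"MZ" + b"\x00" * 62 + b"stub code" + b"\x00" * 16 + NSIS_MAGIC + b"\x00" * 8

if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Run it with the path to a downloaded sample to compare against the hashes above; without an argument it runs on the constructed SAMPLE. A hash match proves you hold the same file the scanners judged; the NSIS magic check is what tools such as 7-Zip use to recognise an NSIS archive, and a hit confirms the "NSIS" installer field independently of the PE packer signature.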
Publisher:
Big Bulb Ideas IT Pvt Ltd  (signed and verified)

MD5:
7221cbac394df24c6972911f541af60e

SHA-1:
56c6054b75090be9e618dcbd7c433ae0961b46f5

SHA-256:
c1dcf28cc7cea9068f18b261940d89258b53423d57a4478670d113fc0b4ee1f8

Scanner detections:
14 / 68

Status:
Adware

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
11/5/2024 1:48:47 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | APPL/Downloader.Gen | 7.11.210.156
avast! | Win32:Dropper-gen [Drp] | 2014.9-150531
Baidu Antivirus | PUA.Win32.InstallMonetizer | 4.0.3.15531
Dr.Web | Adware.Downware.8749 | 9.0.1.0151
ESET NOD32 | Win32/InstallMonetizer.BB potentially unwanted | 9.11186
G Data | Win32.Trojan.Agent.LO2Z6R | 15.5.25
K7 AntiVirus | Trojan | 13.195.14983
Malwarebytes | Riskware.Vmdetector | v2015.05.31.02
McAfee | Artemis!7221CBAC394D | 5600.6748
Reason Heuristics | PUP.Installer.BigBulbIdeasITPvt | 15.5.31.10
Rising Antivirus | NS:PUF.SilenceInstaller!1.9DDF | 23.00.65.15529
Sophos | AppMonetizer Installer | 4.98
Trend Micro House Call | Suspicious_GEN.F47V0208 | 7.2.151
VIPRE Antivirus | InstallMonetizer | 37628

File size:
584.8 KB (598,784 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\freeocr___1_10209_gc.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/28/2013 4:00:00 AM

Valid to:
11/29/2014 3:59:59 AM

Subject:
CN=Big Bulb Ideas IT Pvt Ltd, O=Big Bulb Ideas IT Pvt Ltd, STREET="C5/1, Road#2, Vikrampuri Colony", L=Secunderabad, S=Andhra Pradesh, PostalCode=500006, C=IN

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00EC052E7D4F74A667E7C16553EE590DBE

File PE Metadata
Compilation timestamp:
12/6/2009 2:52:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:wOZp5EdVplMCB4zabJd5Ag07Du1DVCYtrbJd5A81wVC/l:1JEdXWCmzabJd5Ag0kxCYtrbJd5A81u8

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.9012

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
