» internet_explorer_og_8254.exe
Overview
Analysis
File Details

internet_explorer_og_8254.exe

Big Bulb Ideas IT Pvt Ltd

The application internet_explorer_og_8254.exe by Big Bulb Ideas IT Pvt has been detected as adware by 8 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the InstallMonetizer platform which will donwload and install adware toolbars and other potentially unwanted software offers during setup.

File name:

Publisher:

Big Bulb Ideas IT Pvt Ltd (signed and verified)

MD5:

23c2a7418acba7733094a3a84fb5b721

SHA-1:

37100dc6480e5a3f6fd14bc78ccb3efeb78fb5c9

SHA-256:

9c1ca04f81728128a274af3fda9263f610d51cca8399cf93d73b125f4f988d3c

Scanner detections:

8 / 68

Status:

Adware

Explanation:

Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:

11/5/2024 6:37:18 PM UTC (today)

Scan engine

Detection

Engine version

ESET NOD32

Win32/InstallMonetizer.AG

8.8905

Malwarebytes

PUP.Optional.InstallMonetizer

v2014.12.16.11

McAfee

Artemis!23C2A7418ACB

5600.6914

Microsoft Security Essentials

SoftwareBundler:Win32/InstallMonetizer

1.163.1557.0

Reason Heuristics

PUP.BigBulbIdeasITPvt.Z

14.12.16.23

SUPERAntiSpyware

Heur.Agent/Gen-WhiteBox

10173

Trend Micro House Call

TROJ_GEN.F47V0913

7.2.350

VIPRE Antivirus

InstallMonetizer

22280

File size:

452.4 KB (463,208 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\downloads\internet_explorer_og_8254.exe

Digital Signature

Signed by:

Big Bulb Ideas IT Pvt Ltd

Authority:

GoDaddy.com, Inc.

Valid from:

10/31/2012 5:39:25 AM

Valid to:

10/23/2013 12:49:14 AM

Subject:

CN=Big Bulb Ideas IT Pvt Ltd, O=Big Bulb Ideas IT Pvt Ltd, L=Secunderabad, S=Andhra Pradesh, C=IN

Issuer:

SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

4F23C3D665B751

File PE Metadata

Compilation timestamp:

12/5/2009 2:50:52 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:WnA/glDCjkaATlRp86x9iQFpaVbJd5A8g:WnKg1CjkaAZk63iQuVbJd5A8g

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Entropy:

7.6278

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

Remove internet_explorer_og_8254.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.