microsoft-office-visio-professional-2013.exe

web

Bibado Investments, S.L.

The application microsoft-office-visio-professional-2013.exe, “web Setup ” by Bibado Investments, S.L has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Bibado Downloader installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from www.binariesbitsuniverse.com and multiple other hosts.
Publisher:
Web Installer   (signed by Bibado Investments, S.L.)

Product:
web

Description:
web Setup

MD5:
b1080165416d76ec0ca5b08372a1e83c

SHA-1:
3a1b72db64aee0ca63d3b4e9b53a4c21be58bed0

SHA-256:
8193bc8ca4074c292073cdc34b868bd1252ef4f5161d7928b2fb00083bb72232

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
1/24/2025 7:33:43 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Bibado.BibadoInvestments.Bundler (M)
16.2.20.2

File size:
991.8 KB (1,015,624 bytes)

Product version:
2.3

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Bibado Downloader (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\microsoft-office-visio-professional-2013.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/12/2016 8:57:03 PM

Valid to:
4/2/2017 4:32:01 PM

Subject:
CN="Bibado Investments, S.L.", O="Bibado Investments, S.L.", L=Alcorcon, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121212301396FAE08B19C17F8D9578163C9

File PE Metadata
Compilation timestamp:
6/20/1992 5:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:Iq0HMDYBt4lTXw4jpVoHJa/c5IS4nMmCF/gZBJxNE+mKU2hUrK5bIuZ:Iq0MD1lTLss/8xIiuJHeK5bv

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Entropy:
7.9276

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file microsoft-office-visio-professional-2013.exe has been seen being distributed by the following 3 URLs.

Remove microsoft-office-visio-professional-2013.exe - Powered by Reason Core Security