offerblvd.exe

The application offerblvd.exe has been detected as a potentially unwanted program by 24 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from d2vubraihqcany.cloudfront.net and multiple other hosts.
Version:
1.0.6.5

MD5:
e54abc592fbe60429e02f6d9f7ee2833

SHA-1:
397f8432c984261a69e379acab8201c6f4ddf0c9

SHA-256:
412da343068faeaabd9babe5cc66b77d8e169f9560dd1661aabcb3148cffbd8d

Scanner detections:
24 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 6:13:40 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Dropper.115
794

Agnitum Outpost
Trojan.DR.Agent
7.1.1

Avira AntiVirus
TR/Dropper.A.33434
7.11.190.32

avast!
Win32:Dropper-gen [Drp]
2014.9-141203

AVG
Dropper.Generic9
2015.0.3272

Baidu Antivirus
Adware.Win32.OfferBLVD
4.0.3.15115

Bitdefender
Gen:Variant.Dropper.115
1.0.20.1685

Emsisoft Anti-Malware
Adware.Smartbar.V
8.15.01.15.10

F-Secure
Gen:Variant.Dropper.115
11.2014-03-12_4

G Data
Gen:Variant.Dropper.115
14.12.24

IKARUS anti.virus
Win32.SuspectCrc
t3scan.1.8.5.0

K7 AntiVirus
Riskware
13.186.14225

Kaspersky
not-a-virus:AdWare.Win32.OfferBLVD
14.0.0.2635

McAfee
Artemis!E54ABC592FBE
5600.6928

MicroWorld eScan
Gen:Variant.Dropper.115
15.0.0.1011

nProtect
Adware.Smartbar.V
15.01.12.01

Panda Antivirus
Generic Suspicious
15.01.15.10

Qihoo 360 Security
Win32/Trojan.7a4
1.0.0.1015

Quick Heal
AdWare.OfferBLVD.r5 (Not a Virus)
1.15.14.00

Reason Heuristics
Threat.Win.Reputation.IMP
15.1.15.22

Trend Micro House Call
TROJ_GEN.R047H09KQ14
7.2.337

Trend Micro
TROJ_GEN.R04AC0EAC15
10.465.15

Vba32 AntiVirus
AdWare.OfferBLVD
3.12.26.3

VIPRE Antivirus
Trojan.Win32.Generic
35380

File size:
1.3 MB (1,396,736 bytes)

Product version:
1.0.6.5

Copyright:
Copyright (C) 2014

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\offerblvd.exe

File PE Metadata
Compilation timestamp:
11/25/2014 4:44:54 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:LCbsTzSNnuYjKvjVaCC6eIhSvbGQab+Axmw3DhNOgNx07N+3W8AN5pK7:2bPNuYjKvjMIhSDcrzzOkxmNv8ADo7

Entry address:
0xB4AA

Entry point:
E8, 56, 6C, 00, 00, E9, 89, FE, FF, FF, FF, 35, 90, 31, 42, 4F, FF, 15, 88, A0, 41, 4F, 85, C0, 74, 02, FF, D0, 6A, 19, E8, 6E, 3E, 00, 00, 6A, 01, 6A, 00, E8, 62, 2E, 00, 00, 83, C4, 0C, E9, 27, 2E, 00, 00, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41...
 
[+]

Entropy:
7.9545  (probably packed)

Code size:
100 KB (102,400 bytes)

The file offerblvd.exe has been seen being distributed by the following 2 URLs.

Remove offerblvd.exe - Powered by Reason Core Security