OfferBLVDW.exe

PennyBeeW

The application OfferBLVDW.exe has been detected as a potentially unwanted program by 12 anti-malware scanners. This file is typically installed with the program OfferBLVD by Resoft Ltd., which is a potentially unwanted software program.
Product: PennyBeeW
Version: 1.0.6.5
MD5: b495060f243a35e3f579b71d51f65c58
SHA-1: 82b85d6f98e74572f5abcef6ac5912e3fd8fbf81
SHA-256: 5a08233331eda66f3262017269f162c6136c2592131493ffdfde7ad3711f81b9
Scanner detections: 12 / 68
Status: Potentially unwanted
Analysis date: 11/5/2024 3:43:40 PM UTC

Scan engine              Detection                         Engine version
Lavasoft Ad-Aware        Gen:Variant.Kazy.468568           793
avast!                   Win32:Dropper-gen [Drp]           2014.9-141203
Baidu Antivirus          PUA.MSIL.Linkury                  4.0.3.14123
Bitdefender              Gen:Variant.Kazy.468568           1.0.20.1685
Emsisoft Anti-Malware    Gen:Variant.Kazy.468568           8.14.12.03.12
ESET NOD32               MSIL/Toolbar.Linkury (variant)    8.10804
F-Secure                 Gen:Variant.Kazy.468568           11.2014-03-12_4
G Data                   Gen:Variant.Kazy.468568           14.12.24
McAfee                   Artemis!B495060F243A              5600.6927
MicroWorld eScan         Gen:Variant.Kazy.468568           15.0.0.1011
Qihoo 360 Security       Win32/Trojan.554                  1.0.0.1015
VIPRE Antivirus          Trojan.Win32.Generic              35286

File size: 300 KB (307,200 bytes)
Product version: 1.0.6.5
Copyright: Copyright © 2014
Original file name: OfferBLVDW.exe
File type: Executable application (Win32 EXE)
Language: Language Neutral
Common path: C:\Program Files\offerblvd\offerblvdw.exe

File PE Metadata
Compilation timestamp: 11/25/2014 4:46:58 AM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 6.0
.NET CLR dependent: Yes
CTPH (ssdeep): 6144:7VGLdYZIzOyUT1RxDEb0nv9VCk4mJ5DaIEO2vSlk+m17:Z4OywxDEInvco5DA6lw7
Entry address: 0x4C05E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy: 6.3042
Developed / compiled with: Microsoft Visual C# / Basic .NET
Code size: 296.5 KB (303,616 bytes)

The file OfferBLVDW.exe has been discovered within the following program.

OfferBLVD by Resoft Ltd.
OfferBLVD (SnapDo) is a Smartbar adware application (like Linkury by Resoft, the same distributor): an advertising-supported program designed to display unwanted ads, PUP (potentially unwanted program) software and other offers.
www.offerblvd.com
79% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.
