OfferBLVDW.exe

PennyBeeW

The application OfferBLVDW.exe has been detected as a potentially unwanted program by 12 anti-malware scanners. This file is typically installed with the program OfferBLVD by Resoft Ltd. which is a potentially unwanted software program.
Product:
PennyBeeW

Version:
1.0.6.5

MD5:
b495060f243a35e3f579b71d51f65c58

SHA-1:
82b85d6f98e74572f5abcef6ac5912e3fd8fbf81

SHA-256:
5a08233331eda66f3262017269f162c6136c2592131493ffdfde7ad3711f81b9

Scanner detections:
12 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 12:11:35 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Kazy.468568
793

avast!
Win32:Dropper-gen [Drp]
2014.9-141203

Baidu Antivirus
PUA.MSIL.Linkury
4.0.3.14123

Bitdefender
Gen:Variant.Kazy.468568
1.0.20.1685

Emsisoft Anti-Malware
Gen:Variant.Kazy.468568
8.14.12.03.12

ESET NOD32
MSIL/Toolbar.Linkury (variant)
8.10804

F-Secure
Gen:Variant.Kazy.468568
11.2014-03-12_4

G Data
Gen:Variant.Kazy.468568
14.12.24

McAfee
Artemis!B495060F243A
5600.6927

MicroWorld eScan
Gen:Variant.Kazy.468568
15.0.0.1011

Qihoo 360 Security
Win32/Trojan.554
1.0.0.1015

VIPRE Antivirus
Trojan.Win32.Generic
35286

File size:
300 KB (307,200 bytes)

Product version:
1.0.6.5

Copyright:
Copyright © 2014

Original file name:
OfferBLVDW.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\offerblvd\offerblvdw.exe

File PE Metadata
Compilation timestamp:
11/25/2014 4:46:58 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:7VGLdYZIzOyUT1RxDEb0nv9VCk4mJ5DaIEO2vSlk+m17:Z4OywxDEInvco5DA6lw7

Entry address:
0x4C05E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.3042

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
296.5 KB (303,616 bytes)

The file OfferBLVDW.exe has been discovered within the following program.

OfferBLVD  by Resoft Ltd.
OfferBLVD (SnapDo) is an Smartbar adware applicatication (such as Linkury by Resoft, same distributor) that is an adware (advertising supported) application that is designed for the purpose of displaying unwanted ads, software for PUP (potentially unwanted programs) and other offers.
www.offerblvd.com
79% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-230-48-25.jfk5.r.cloudfront.net  (54.230.48.25:80)

TCP (HTTP):
Connects to haproxy7.ca.servers.visadd.com  (198.50.251.252:80)

TCP (HTTP):
Connects to float.1192.bm-impbus.prod.sin1.adnexus.net  (103.243.222.46:80)

TCP (HTTP):
Connects to ec2-54-235-180-232.compute-1.amazonaws.com  (54.235.180.232:80)

TCP (HTTP):
Connects to ec2-23-21-45-44.compute-1.amazonaws.com  (23.21.45.44:80)

TCP (HTTP):
Connects to ec2-184-73-219-105.compute-1.amazonaws.com  (184.73.219.105:80)

TCP (HTTP):
Connects to 192-124-232-198.static.unitasglobal.net  (198.232.124.192:80)

TCP (HTTP):
Connects to 119.81.4.133-static.reverse.softlayer.com  (119.81.4.133:80)

Remove OfferBLVDW.exe - Powered by Reason Core Security