sg.exe

Web Assistant

Bit Cocktail Ltd.

The application sg.exe, “Web Assistant Setup ” by Bit Cocktail has been detected as a potentially unwanted program by 4 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from www5.incredimail.com and multiple other hosts.
Publisher:
IncrediBar   (signed by Bit Cocktail Ltd.)

Product:
Web Assistant

Description:
Web Assistant Setup

MD5:
8d9e7cfc07883d266fa4dd9ad163ba3f

SHA-1:
1205c905be56010578e09b701ca3112bd17dfea6

SHA-256:
fc958314953251725e63e14fe666d32825c6234d118c516305eb3c311ae70a36

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 2:43:23 PM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
Adware.Win32.BitCocktail
4.0.3.14723

ESET NOD32
Win32/Toolbar.Perion (variant)
8.9595

Reason Heuristics
PUP.Installer.BitCocktail.C
14.7.23.0

Trend Micro House Call
TROJ_GEN.F47V1011
7.2.204

File size:
1.2 MB (1,238,880 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\sg.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
1/16/2012 6:00:00 PM

Valid to:
1/16/2013 5:59:59 PM

Subject:
CN=Bit Cocktail Ltd., O=Bit Cocktail Ltd., L=Herzeliya, S=Herzeliya, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
613E461899A05578474D1423CF9CC340

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:3gTucDKY5/81E3yCzLvcWIaTi9gvnAhbENpxSja9T7N:3gSpY98iCCzLp5keAhbSwjGN

Entry address:
0xBA20

Entry point:
55, 8B, EC, 83, C4, C0, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, 89, 45, C0, B8, 38, B9, 40, 00, E8, 92, 8E, FF, FF, 33, C0, 55, 68, DB, C0, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 9C, C0, 40, 00, 64, FF, 32, 64, 89, 22, A1, 7C, D3, 40, 00, 8B, 00, E8, 7E, FD, FF, FF, E8, A9, F9, FF, FF, 8D, 55, F0, 33, C0, E8, FF, C9, FF, FF, 8B, 55, F0, B8, 88, EE, 40, 00, E8, F6, 77, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 88, EE, 40, 00, B2, 01, A1, AC, 8B, 40, 00, E8, AE, D2, FF, FF, A3, 8C, EE, 40, 00, 33...
 
[+]

Entropy:
7.9806

Developed / compiled with:
Microsoft Visual C++

Code size:
44.5 KB (45,568 bytes)

The file sg.exe has been seen being distributed by the following 3 URLs.

http://www5.incredimail.com/incredibar/201206201015/setup/default/installer/.../sg.exe

http://www5.incredimail.com/incredibar/201207231930/setup/default/installer/.../sg.exe

Remove sg.exe - Powered by Reason Core Security