sg.exe

Web Assistant

Bit Cocktail Ltd.

The application sg.exe, "Web Assistant Setup" by Bit Cocktail has been detected as a potentially unwanted program by 5 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from www5l.incredimail.com.
Publisher:
IB (signed by Bit Cocktail Ltd.)

Product:
Web Assistant

Description:
Web Assistant Setup

MD5:
710759cbf1b6d375b739472ed5d4816c

SHA-1:
1a0a01f1082891112dc422b401e06ea4f7f4a35f

SHA-256:
3980f540e17ca4fc071c79ee338c4e0de5046e9d991ac45cbf6cebaaed53ed91

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 8:32:12 AM UTC

Scan engine | Detection | Engine version
Baidu Antivirus | Adware.Win32.BitCocktail | 4.0.3.1596
Dr.Web | Program.SysTreak.1 | 9.0.1.0249
ESET NOD32 | Win32/Toolbar.Perion (variant) | 9.10348
NANO AntiVirus | Riskware.Win32.SysTreak.deifsf | 0.28.2.61942
Reason Heuristics | PUP.BitCocktail.IB.Installer (M) | 15.9.6.2

File size:
1.2 MB (1,238,928 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\sg.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
1/16/2012 9:00:00 PM

Valid to:
1/16/2013 8:59:59 PM

Subject:
CN=Bit Cocktail Ltd., O=Bit Cocktail Ltd., L=Herzeliya, S=Herzeliya, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
613E461899A05578474D1423CF9CC340

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:LgTu2DKY5/84NaYzbjLpHDf7kOdqbSFENpxSja9T7g:LgSrY98CfLpnqbaSwjGg

Entry address:
0xBA20

Entry point:
55, 8B, EC, 83, C4, C0, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, 89, 45, C0, B8, 38, B9, 40, 00, E8, 92, 8E, FF, FF, 33, C0, 55, 68, DB, C0, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 9C, C0, 40, 00, 64, FF, 32, 64, 89, 22, A1, 7C, D3, 40, 00, 8B, 00, E8, 7E, FD, FF, FF, E8, A9, F9, FF, FF, 8D, 55, F0, 33, C0, E8, FF, C9, FF, FF, 8B, 55, F0, B8, 88, EE, 40, 00, E8, F6, 77, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 88, EE, 40, 00, B2, 01, A1, AC, 8B, 40, 00, E8, AE, D2, FF, FF, A3, 8C, EE, 40, 00, 33...

Developed / compiled with:
Microsoft Visual C++

Code size:
44.5 KB (45,568 bytes)

The file sg.exe has been seen being distributed by the following URL.

Remove sg.exe - Powered by Reason Core Security