sg.exe

Web Assistant

Bit Cocktail Ltd.

The application sg.exe, “Web Assistant Setup” by Bit Cocktail, has been detected as a potentially unwanted program by 7 anti-malware scanners. It is a setup and installation application and has been known to bundle potentially unwanted software. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from www5l.incredimail.com.
Publisher:
IncrediBar (signed by Bit Cocktail Ltd.)

Product:
Web Assistant

Description:
Web Assistant Setup

MD5:
25621af98a14f05351405bf797ee69bd

SHA-1:
24b1788364e73a01a8d16cefcd1a26cad1e461a0

SHA-256:
18bd20aab10c64ef4dfff6404015277b202fc8ecbef3bfb4fd9ad1150420506c

Scanner detections:
7 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 8:36:12 AM UTC

Scan engine            | Detection                       | Engine version
-----------------------|---------------------------------|---------------
Baidu Antivirus        | Adware.Win32.Perion             | 4.0.3.1539
Dr.Web                 | Program.SysTreak.1              | 9.0.1.068
ESET NOD32             | Win32/Toolbar.Perion (variant)  | 9.10781
herdProtect (fuzzy)    |                                 | 2015.6.16.2
NANO AntiVirus         | Trojan.Win32.WebToolbar.degcvu  | 0.28.6.63726
Reason Heuristics      | PUP.Installer.BitCocktail       | 15.3.9.20
Trend Micro House Call | Suspicious_GEN.F47V1109         | 7.2.68

File size:
4.1 MB (4,295,920 bytes)

Product version:
2.0.0.533

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\sg.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
1/16/2012 7:00:00 PM

Valid to:
1/16/2013 6:59:59 PM

Subject:
CN=Bit Cocktail Ltd., O=Bit Cocktail Ltd., L=Herzeliya, S=Herzeliya, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
613E461899A05578474D1423CF9CC340

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:uSzY9l4dGAvwU4RRwm6rjvScTakw7VHqx+eizRYZe8LNad5TF:z8NuwDXwm6XS8akMwliz6ZtId5x

Entry address:
0xBA20

Entry point:
55, 8B, EC, 83, C4, C0, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, 89, 45, C0, B8, 38, B9, 40, 00, E8, 92, 8E, FF, FF, 33, C0, 55, 68, DB, C0, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 9C, C0, 40, 00, 64, FF, 32, 64, 89, 22, A1, 7C, D3, 40, 00, 8B, 00, E8, 7E, FD, FF, FF, E8, A9, F9, FF, FF, 8D, 55, F0, 33, C0, E8, FF, C9, FF, FF, 8B, 55, F0, B8, 88, EE, 40, 00, E8, F6, 77, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 88, EE, 40, 00, B2, 01, A1, AC, 8B, 40, 00, E8, AE, D2, FF, FF, A3, 8C, EE, 40, 00, 33...

Entropy:
7.9978

Developed / compiled with:
Microsoft Visual C++

Code size:
44.5 KB (45,568 bytes)

The file sg.exe has been seen being distributed by the following URL.
