» sg.exe
Overview
Analysis
File Details
Downloads (2)

sg.exe

IB Updater

Bit Cocktail Ltd.

The application sg.exe, “IB Updater Setup ” by Bit Cocktail has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from www5l.incredimail.com and multiple other hosts.

File name:

sg.exe

Publisher:

IncrediBar (signed by Bit Cocktail Ltd.)

Product:

IB Updater

Description:

IB Updater Setup

MD5:

c951a1148fe9071e04990c102432fab6

SHA-1:

b303fe6424153b685df04f47fa751ff3d47ecb86

SHA-256:

12c4b61eb738cf2f2b6c782b993fd80f805e0e1eb7d1d4c6238b3b2d795d7adf

Scanner detections:

1 / 68

Status:

Potentially unwanted

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

11/24/2024 3:03:24 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Installer.BitCocktail.C

14.7.21.4

File size:

4.1 MB (4,297,248 bytes)

Product version:

2.0.0.542

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\sg.exe

Digital Signature

Signed by:

Bit Cocktail Ltd.

Authority:

Thawte, Inc.

Valid from:

1/17/2012 12:00:00 AM

Valid to:

1/16/2013 11:59:59 PM

Subject:

CN=Bit Cocktail Ltd., O=Bit Cocktail Ltd., L=Herzeliya, S=Herzeliya, C=IL

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

613E461899A05578474D1423CF9CC340

File PE Metadata

Compilation timestamp:

6/19/1992 11:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

98304:YS/Y9l4dGAvwU4RRwm6rjvScTakw7VHqx+eizRYZe8LN7SFC5H:JANuwDXwm6XS8akMwliz6ZtRSw5

Entry address:

0xBA20

Entry point:

55, 8B, EC, 83, C4, C0, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, 89, 45, C0, B8, 38, B9, 40, 00, E8, 92, 8E, FF, FF, 33, C0, 55, 68, DB, C0, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 9C, C0, 40, 00, 64, FF, 32, 64, 89, 22, A1, 7C, D3, 40, 00, 8B, 00, E8, 7E, FD, FF, FF, E8, A9, F9, FF, FF, 8D, 55, F0, 33, C0, E8, FF, C9, FF, FF, 8B, 55, F0, B8, 88, EE, 40, 00, E8, F6, 77, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 88, EE, 40, 00, B2, 01, A1, AC, 8B, 40, 00, E8, AE, D2, FF, FF, A3, 8C, EE, 40, 00, 33... 
[+]

Entropy:

7.9978

Developed / compiled with:

Microsoft Visual C++

Code size:

44.5 KB (45,568 bytes)

The file sg.exe has been seen being distributed by the following 2 URLs.

http://www5l.incredimail.com/incredibar/201210271142/setup/default/installer/.../sg.exe

http://www5.incredimail.com/incredibar/201210282059/setup/default/installer/.../sg.exe

Remove sg.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.