sg.exe

IB Updater

Bit Cocktail Ltd.

The application sg.exe, "IB Updater Setup" by Bit Cocktail, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is a setup and installation application that has been known to bundle potentially unwanted software. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from www5l.incredimail.com and multiple other hosts.
Publisher:
IncrediBar (signed by Bit Cocktail Ltd.)

Product:
IB Updater

Description:
IB Updater Setup

MD5:
c951a1148fe9071e04990c102432fab6

SHA-1:
b303fe6424153b685df04f47fa751ff3d47ecb86

SHA-256:
12c4b61eb738cf2f2b6c782b993fd80f805e0e1eb7d1d4c6238b3b2d795d7adf

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/26/2024 12:44:23 AM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP.Installer.BitCocktail.C | 14.7.21.4

File size:
4.1 MB (4,297,248 bytes)

Product version:
2.0.0.542

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\sg.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
1/17/2012 12:00:00 AM

Valid to:
1/16/2013 11:59:59 PM

Subject:
CN=Bit Cocktail Ltd., O=Bit Cocktail Ltd., L=Herzeliya, S=Herzeliya, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
613E461899A05578474D1423CF9CC340

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:YS/Y9l4dGAvwU4RRwm6rjvScTakw7VHqx+eizRYZe8LN7SFC5H:JANuwDXwm6XS8akMwliz6ZtRSw5

Entry address:
0xBA20

Entry point:
55, 8B, EC, 83, C4, C0, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, 89, 45, C0, B8, 38, B9, 40, 00, E8, 92, 8E, FF, FF, 33, C0, 55, 68, DB, C0, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 9C, C0, 40, 00, 64, FF, 32, 64, 89, 22, A1, 7C, D3, 40, 00, 8B, 00, E8, 7E, FD, FF, FF, E8, A9, F9, FF, FF, 8D, 55, F0, 33, C0, E8, FF, C9, FF, FF, 8B, 55, F0, B8, 88, EE, 40, 00, E8, F6, 77, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 88, EE, 40, 00, B2, 01, A1, AC, 8B, 40, 00, E8, AE, D2, FF, FF, A3, 8C, EE, 40, 00, 33...

Entropy:
7.9978

Developed / compiled with:
Microsoft Visual C++

Code size:
44.5 KB (45,568 bytes)

The file sg.exe has been seen being distributed by the following 2 URLs.

http://www5l.incredimail.com/incredibar/201210271142/setup/default/installer/.../sg.exe

Powered by Reason Core Security