» Bit Cocktail Ltd.
Digital Signature
Analysis
Files (114)
Downloads (5)
Distribution (1)
Related (1)

Bit Cocktail Ltd.

Publisher Information

Bit Cocktail Ltd. is a software developer located in Herzeliya, Israel*. The publisher primarily developes software that can be classified as adware. There is one additional code signing certificate issued to this publisher.

Authority:

Thawte, Inc.

Valid from:

1/17/2012 1:00:00 AM

Valid to:

1/17/2013 12:59:59 AM

Subject:

CN=Bit Cocktail Ltd., O=Bit Cocktail Ltd., L=Herzeliya, S=Herzeliya, C=IL

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

613e461899a05578474d1423cf9cc340

Scanner detections:

Detections (100% detected)

Scan engine

Details

Detections

Reason Heuristics

PUP.BitCocktail.P, PUP.Service.BitCocktail, PUP.BHO.BitCocktail, PUP.Installer.BitCocktail, PUP.BitCocktail (M), PUP.BitCocktail.IB (M), PUP.BitCocktail.IncrediBar.Installer (M), PUP.BitCocktail.Bitcoktail (M)

100.00%

Baidu Antivirus

Adware.Win32.Perion, Adware.Win32.BitCocktail, Trojan.Win32.Agent, Trojan.Win32.Toolbar

26.00%

ESET NOD32

Win32/Toolbar.Perion.J potentially unwanted (variant), Win32/Toolbar.BitCocktail (variant), Win32/Toolbar.Perion (variant)

24.00%

Dr.Web

Program.SysTreak.1, Adware.Shopper.918, Adware.Shopper.918, is riskware program Program.SysTreak.1

18.00%

NANO AntiVirus

Trojan.Win32.WebToolbar.degcvu, Riskware.Win32.SysTreak.dfmajo, Riskware.Win32.SysTreak.debebt, Riskware.Win32.SysTreak.deifsf

14.00%

Trend Micro House Call

Suspicious_GEN.F47V1109, Suspicious_GEN.F47V0315, Suspicious_GEN.F47V1016, TROJ_GEN.R047C0OKO14, Suspicious_GEN.F47V1012

14.00%

ESET NOD32

Win64/Toolbar.Perion.A potentially unwanted application, Win32/Toolbar.BitCocktail.A potentially unwanted application, Win32/Toolbar.BitCocktail.B potentially unwanted application

8.00%

Sophos

BitCocktail, PUA 'BitCocktail'

6.00%

Bkav FE

W32.HfsAdware, W64.HfsAdware

6.00%

Malwarebytes

PUP.Optional.SweetPacks.A

4.00%

1 / 68 (PUP)

extensionupdaterservice.exe (8b672417438380704e6a39b2f9d78ee8)

1 / 68 (PUP)

extensionupdate.exe (Web Assistant by IncrediBar) (2202b483c445b78aa31ab413558e6687)

1 / 68 (PUP)

extensionupdaterservice.exe (500d9370de82cdee6779a97d494df236)

1 / 68 (PUP)

sg_6r8qro3yjt_active.exe (by IB) (cb1b6d00b50ff3f600bf70e193b0d35c)

1 / 68 (PUP)

extensionupdaterservice.exe (1afa08ade064c01152f0f06adb0b1c06)

1 / 68 (PUP)

extensionupdaterservice.exe (65958f3042c77578a2b12fe4e46f7404)

1 / 68 (PUP)

sg_iaxbkjsyal_inactive.exe (Web Assistant by IncrediBar) (99fa3c09959f6c09a82893da6c04b6ab)

1 / 68 (PUP)

tmp00000002dd60e3cc80b16b15 (8e184cfec533055c6082e89229f28f43)

1 / 68 (PUP)

sg.exe (IB Updater by IncrediBar) (ca8b0a33280575857029ca3ba96ef4e9)

1 / 68 (PUP)

extensionupdate.exe (Web Assistant by IncrediBar) (d5e88f71f6739e061284f9c40abf532f)

1 / 68 (PUP)

extensionupdaterservice.exe (c4ec719dd48385a1abedd1883c6613e0)

1 / 68 (PUP)

tmp00000001a7d31ca71ab6b19a (f338573ccdec37912b8e3d5e15d49c50)

1 / 68 (PUP)

sg.exe (by IB) (6a9fbfb25cdd83fa6ef109a528e8c360)

1 / 68 (PUP)

extensionupdaterservice.exe (371e7a76dc63e45f219e826bfaea73aa)

3 / 68 (PUP)

extensionupdaterservice.exe (a149d2aa32947e2191ae705e5647929d)

1 / 68 (PUP)

extensionupdate.exe (by Bitcoktail) (678d1a05d2a195aa6796ba2220f69f35)

1 / 68 (PUP)

extensionupdate.exe (by Bitcoktail) (d5756472b613d39b1a52764f1c7085ee)

1 / 68 (PUP)

extensionupdate.exe (by Bitcoktail) (4069a8c2923079260915b399d56eee04)

1 / 68 (PUP)

sg_6pqw6sgnko_active.exe (by IB) (cc5ff6ddcd95c487e3e2776357e34097)

1 / 68 (PUP)

sg_6r8qhevwxp_active.exe (by IB) (a8d05cfbd8772ff6b1ec1126fcfb90f0)

1 / 68 (PUP)

sg_6pq8onwbmk_active.exe (Web Assistant by IncrediBar) (17368e5b0d108b271c0f350e4cd75547)

1 / 68 (PUP)

installerhelper.dll (362ee9d6b6b3fa487b9f74cd693f7dfd)

1 / 68 (PUP)

extension64.dll (f04a4c0be1b446012bbb8cf3150e2325)

1 / 68 (PUP)

extensionupdaterservice.exe (bf6e850a83976068ac5775204d1c3485)

2 / 68 (PUP)

extension32.dll (94251722fef5b389fbcb168228b75e74)

6 / 68 (PUP)

sg.exe (Web Assistant by IncrediBar) (fa639fb60af4a576e66585a40ab07a30)

1 / 68 (PUP)

sg_6oyuzvx1ny_inactive.exe (IB Updater by IncrediBar) (b4721fc387cb2b5fb95f7d3b85dee34e)

1 / 68 (PUP)

extension64.dll (1f8739d9296133e02d47218921a9e05d)

7 / 68 (PUP)

sg.exe (by IB) (f6443baeed54084bf5a358e9e08887c2)

1 / 68 (PUP)

sg_6oynv8htly_inactive.exe (Web Assistant by IncrediBar) (69a1790eb7c4a59c610cdc79d6df989b)

Latest 30 of 114 files

Downloads URLs for files signed by Bit Cocktail Ltd..

1 / 68 (PUP)

http://www5l.incredimail.com/incredibar/201201240000/IMPP/setup/default/installer/.../sg.exe (a8d05cfbd8772ff6b1ec1126fcfb90f0)

1 / 68 (PUP)

http://www5l.incredimail.com/incredibar/201201240000/IMPP/setup/default/installer/.../sg.exe (cc5ff6ddcd95c487e3e2776357e34097)

5 / 68 (PUP)

http://www5l.incredimail.com/incredibar/IMPPSOM/setup/default/installer/.../sg.exe (710759cbf1b6d375b739472ed5d4816c)

5 / 68 (PUP)

http://www5l.incredimail.com/incredibar/IMPPSOM/setup/default/installer/.../sg.exe (d679b90e53f9f46251038e241831435c)

7 / 68 (PUP)

http://www5l.incredimail.com/incredibar/IPP/setup/default/installer/.../sg.exe (25621af98a14f05351405bf797ee69bd)

Distribution

The following websites host and distribute files published by Bit Cocktail Ltd..

www5l.incredimail.com

The following certificate is also signed by Bit Cocktail Ltd..

2FF74ED2AFEBAFD72E0750E98DC63C1C (Nov 11, 2012 to Jan 16, 2014)

The following publishers (by Authenticode signature organization name) are related.

Perion Network Ltd.

* Note, the details and description above are based on the code signing digital signature issued to Bit Cocktail Ltd. by Thawte, Inc. on January 17, 2012 with the serial number '613e461899a05578474d1423cf9cc340'.

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.