tbua93b.exe

PriceCongress

First Offer LTD

The is the installer for the WebPick InstalleRex download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The application tbua93b.exe, “PriceCongress Setup ” by First Offer has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the WebPick InstalleRex installer.
Publisher:
SimplyTech LTD   (signed by First Offer LTD)

Product:
PriceCongress

Description:
PriceCongress Setup

Version:
6.9

MD5:
3e54d400925526d15afe9db13b532a3c

SHA-1:
5e806496a3897e8d3c08c0a878e042e967240cd7

SHA-256:
b4fcec5ccf70e9b7520376287419830344822cc60d5357bfaffbea49944eb964

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
11/27/2024 2:34:29 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.WebPick.FirstOffer.Bundler (M)
16.2.1.11

File size:
4.3 MB (4,466,312 bytes)

Product version:
6.9

File type:
Executable application (Win32 EXE)

Bundler/Installer:
WebPick InstalleRex

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\tbua93b.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
10/8/2013 2:00:00 AM

Valid to:
10/9/2014 1:59:59 AM

Subject:
CN=First Offer LTD, O=First Offer LTD, STREET=Habarzel 21 Tel Aviv, L=Tel aviv, S=Israel, PostalCode=69710, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
49900242461D96CB7B045BE0A258338E

File PE Metadata
Compilation timestamp:
12/20/2011 4:16:50 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:kP6vWYc3jQEtvpa/PMNRut1Z/jjWelt36IR3vJ4rBM1:Vvn+cERpFNRkL/jjRt3hmy1

Entry address:
0x16478

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, B0, 52, 41, 00, E8, AC, 03, FF, FF, 33, C0, 55, 68, 45, 6B, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 01, 6B, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, AB, 41, 00, E8, 4E, EC, FF, FF, E8, F5, E7, FF, FF, 8D, 55, EC, 33, C0, E8, 7F, 84, FF, FF, 8B, 55, EC, B8, AC, D6, 41, 00, E8, E2, E9, FE, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, AC, D6, 41, 00, B2, 01...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
84 KB (86,016 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to r1.stylezip.info  (54.186.255.26:80)

Remove tbua93b.exe - Powered by Reason Core Security