1bd154143f153666.exe

LLC

The application 1bd154143f153666.exe by LLC has been detected as adware by 18 anti-malware scanners. It is also typically executed from the user's temporary directory.
Publisher:
LLC   (signed and verified)

MD5:
2a8127436a195b7468dd3b0b88c92621

SHA-1:
bec7ff98f683f94694f8504bbdb5b967223dd5b6

SHA-256:
99c51a37bf1e1160b1074a39a242752f6c8fddad68acb8a58b2a204e10e30c33

Scanner detections:
18 / 68

Status:
Adware

Analysis date:
4/25/2024 12:04:24 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Agent.BJHE | 564 |
| Avira AntiVirus | APPL/InstallMonst.KF | 3.6.1.96 |
| avast! | SMSSend-CLX [Trj] | 2014.9-150419 |
| AVG | Generic | 2016.0.3135 |
| Bitdefender | Trojan.Agent.BJHE | 1.0.20.1005 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Dr.Web | Trojan.InstallMonster | 9.0.1.0109 |
| Emsisoft Anti-Malware | Trojan.Agent.BJHE | 8.15.07.20.07 |
| ESET NOD32 | Win32/InstallMonstr.KC potentially unwanted application | 9.7.0.302.0 |
| F-Secure | Trojan.Agent.BJHE | 11.2015-20-07_2 |
| herdProtect (fuzzy) | | 2015.7.20.19 |
| K7 AntiVirus | Riskware | 13.202.15641 |
| Kaspersky | Trojan.Win32.Inject | 15.0.0.543 |
| MicroWorld eScan | Trojan.Agent.BJHE | 16.0.0.603 |
| nProtect | Trojan.Agent.BJHE | 15.04.30.01 |
| Reason Heuristics | Threat.Amonitize | 15.4.19.2 |
| VIPRE Antivirus | Threat.4150696 | 39676 |
| Zillya! Antivirus | Trojan.Inject.Win32.163284 | 2.0.0.2143 |

File size:
7 MB (7,310,344 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\1bd154143f153666.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/10/2015 6:00:00 AM

Valid to:
2/11/2016 5:59:59 AM

Subject:
CN="LLC ""Samson""", O="LLC ""Samson""", STREET="Street anchor, 13, office 320", L=Kyyiv, S=Kyyivska, PostalCode=04119, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F071B2589872DF7AAA06AE7B9E8791C1

File PE Metadata
Compilation timestamp:
4/12/2015 12:31:43 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:En1v0ITFRlCmgRFmntz+/kP7/JpHrg+yaut:Mv0ITvlcnAz+sPTvint

Entry address:
0x3AD59C

Entry point:
55, 8B, EC, B9, 05, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 53, 56, 57, B8, 48, 51, 7A, 00, E8, AC, 0A, C6, FF, 33, C0, 55, 68, 2C, D8, 7A, 00, 64, FF, 30, 64, 89, 20, BF, 4A, 02, 00, 00, 8B, 35, 34, 9D, 8B, 00, 81, C6, 24, 09, 00, 00, 8B, C7, E8, A6, 95, C5, FF, E8, 3D, 98, E0, FF, 8D, 55, EC, B8, 16, 00, 00, 00, E8, C4, 65, FF, FF, 8B, 45, EC, E8, A4, C8, C5, FF, 50, 8D, 55, E4, B8, 1E, 00, 00, 00, E8, 72, 58, FF, FF, 8B, 45, E4, E8, 8E, C8, C5, FF, 8B, D0, 8D, 45, E8, E8, D0, C5, C5, FF, 8B, 45, E8, E8...

Developed / compiled with:
Microsoft Visual C++

Code size:
3.7 MB (3,852,288 bytes)
