55aa0b19e4b06a967916e344.dat

帮5淘购物助手

载信软件(上海)有限公司

The file 55aa0b19e4b06a967916e344.dat by 载信软件(上海)有限公司 has been detected as a potentially unwanted program by 7 anti-malware scanners. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities, and other PUPs. The file has been seen being downloaded from cdn.b5m.cn.
Publisher:
载信软件(上海)有限公司  (signed and verified)

Product:
帮5淘购物助手

Version:
6, 0, 5, 1

MD5:
96e9941d16fbb598078fb3251ba1029f

SHA-1:
29689adf1b20682326268390411f1231b5afd76e

SHA-256:
a4c53db45bd460409c3301d43f80af58ce99be15890e06a1eef2545b0558efbc

Scanner detections:
7 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
6/18/2025 11:29:33 AM UTC  (today)

Scan engine | Detection | Engine version
Baidu Antivirus | PUA.Win32.Bang5mai | 4.0.3.15722
Bkav FE | W32.HfsAdware | 1.3.0.6979
Dr.Web | Trojan.OutBrowse.1011 | 9.0.1.0203
ESET NOD32 | Win32/Bang5mai.C potentially unwanted (variant) | 9.11975
Fortinet FortiGate | Riskware/Bang5mai | 7/22/2015
McAfee | Artemis!96E9941D16FB | 5600.6697
NANO AntiVirus | Trojan.Win32.Staser.dtlehu | 0.30.24.2668

File size:
3.7 MB (3,858,888 bytes)

Product version:
6, 0, 5, 1

Copyright:
Copyright (C) 2015 B5MSoft

Original file name:
B5TSetup.exe

Common path:
C:\users\{user}\appdata\local\temp\55aa0b19e4b06a967916e344.dat

Digital Signature
Authority:
Thawte, Inc.

Valid from:
5/12/2014 8:00:00 AM

Valid to:
8/12/2015 7:59:59 AM

Subject:
CN=载信软件(上海)有限公司, OU=IT部, O=载信软件(上海)有限公司, L=上海, S=上海, C=CN

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
07CF6481D29DBD6746863A658408AE1C

File PE Metadata
Compilation timestamp:
12/31/2012 8:38:51 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
49152:FDrqHslRdmqxOvDUcncUes0/BSNh5KKvaf6Jkrda0HkE35WNhtqBBs5ihDyRSzdc:F6KOnncQySNGKQrdJHJWng/nsOsQUbI

Entry address:
0x276F0

Entry point:
60, BE, 00, 90, 41, 00, 8D, BE, 00, 80, FE, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 7F, 5E, 02, 00, 57, 83, C3, 04, 53, 68, E0, E6, 00, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 

Entropy:
7.9994  (probably packed)

Code size:
64 KB (65,536 bytes)

The file 55aa0b19e4b06a967916e344.dat has been seen being distributed by the following URL.
