» b0crtgqd
Overview
Analysis
File Details

b0crtgqd

Internet Explorer

ManySign Inc.

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The file b0crtgqd by ManySign has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.

File name:

b0crtgqd

Publisher:

Microsoft Corporation (signed by ManySign Inc.)

Product:

Internet Explorer

Version:

11.00.10586

MD5:

5293cf59742180fc66bf84f32a1be068

SHA-1:

d5f55e08a487acd216474068d2a1c4009691edd8

SHA-256:

86bcecddd2c931f91f5b65cc839fe3da50f1d46e63f89fc50651297a89bf2710

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

1/2/2026 9:51:26 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Adware.Downloader (M)

16.9.6.0

File size:

753.3 KB (771,392 bytes)

Product version:

11.00.10586

Original file name:

y05epaa.exe

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\b0crtgqd

Digital Signature

Signed by:

ManySign Inc.

Authority:

ManySign Inc.

Valid from:

2/27/2016 9:36:13 AM

Valid to:

2/26/2017 9:36:13 AM

Subject:

E=contact@manysign.com, OU=ManySign Authority, O=ManySign Inc., L=Lansing, S=Michigan, C=US, CN=ManySign

Issuer:

E=contact@manysign.com, OU=ManySign Authority, O=ManySign Inc., L=Lansing, S=Michigan, C=US, CN=ManySign

Serial number:

00A9CE1EFF3DF92E00

File PE Metadata

Compilation timestamp:

4/3/2016 4:06:58 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

12288:kWJXu2MiHeIRBUu6n6MvpAQ0POpErD/iWVOlLQSD05m43q2iYyHAs+v5Oq3ldtg4:kWJXu2M3B1GQ0PU1WVALWm2MAfU2dZZ

Entry address:

0xBA04E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

740 KB (757,760 bytes)

Remove b0crtgqd - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.