b1freearchiver_1.4.69.exe

B1 Free Archiver Installer

Catalina Group Limited

The application b1freearchiver_1.4.69.exe by Catalina Group Limited has been detected as a potentially unwanted program by 7 anti-malware scanners. This file is typically installed with the program B1 Free Archiver by Catalina Group Ltd. The file has been seen being downloaded from b1.org. While running, it connects to the Internet address 74-50-112-231.static.hvvc.us on port 80 using the HTTP protocol.
Publisher:
Catalina Group Limited  (signed and verified)

Product:
B1 Free Archiver Installer

Version:
2, 4, 21, 0

MD5:
520653aa4fa8c929e77e64f88a4aafba

SHA-1:
486e06948794ff1f51c9b707abf6f28f68a18f10

SHA-256:
7339f8b8ab93a4a1343df87931679e61f88d4d68f55c9ae45dd8fc708c6d79c8

Scanner detections:
7 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 3:02:17 PM UTC

Scan engine               Detection                                            Engine version
avast!                    Win32:Malware-gen                                    2014.9-150409
Emsisoft Anti-Malware     Backdoor.Bot.135374                                  8.15.04.09.02
ESET NOD32                Win32/4Shared.T potentially unwanted application     9.7.0.302.0
IKARUS anti.virus         Trojan.Win32.Badur                                   t3scan.1.6.1.0
Qihoo 360 Security        Malware.QVM10.Gen                                    1.0.0.1015
Reason Heuristics         Threat.Win.Reputation.IMP                            15.4.8.22
Rising Antivirus          PE:PUF.4Shared!1.9C25                                23.00.65.131225

File size:
527.5 KB (540,176 bytes)

Product version:
2, 4, 21, 0

Copyright:
Copyright (C) 2013

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\programs\b1freearchiver_1.4.69.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
8/16/2013 12:34:08 PM

Valid to:
9/27/2016 3:56:54 AM

Subject:
CN=Catalina Group Limited, O=Catalina Group Limited, L=Kwun Tong, S=Hong Kong, C=HK

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4B8F32520620F6

File PE Metadata
Compilation timestamp:
11/22/2013 3:06:06 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:PFBiTY0+caOKVKF4xpX8fcPHlvaTEBnonF5nsH02q:tBKYdI96pYcPYTEQzn2t

Entry address:
0x271B0

Entry point:
E8, E8, C2, 00, 00, E9, 79, FE, FF, FF, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41, FE...
 

Entropy:
6.4467

Code size:
255 KB (261,120 bytes)

The file b1freearchiver_1.4.69.exe has been discovered within the following programs.

B1 Free Archiver  by Catalina Group Ltd
About 5% of users remove it

The file b1freearchiver_1.4.69.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 74-50-112-231.static.hvvc.us  (74.50.112.231:80)
