b1shellext64.dll

B1 Free Archiver

IT Management Group LTD

This file is part of a bundled installer that offers additional third-party software alongside the main application, mostly unwanted adware, and may be installed with minimal consent. The module b1shellext64.dll, “B1 shell extension” by IT Management Group, has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is registered as a context menu handler (it adds entries to the menu shown when a file is right-clicked in Explorer) named “B1ShellEx”.
Publisher:
b1.org (signed by IT Management Group LTD)

Product:
B1 Free Archiver

Description:
B1 shell extension

Version:
0,4,0,678

MD5:
9b4b8e852520f4317977097458df159d

SHA-1:
c47e6d239fa2c084dc34611e7414b2e39027bab7

SHA-256:
761975e41ba1be6537e477d607f87a801c7910b0e41b80d36244db9633080cd5

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we consider this file unwanted.

Analysis date:
5/7/2024 10:50:55 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Handler.ITManagementGroup.M

Engine version:
14.10.26.14

File size:
503.5 KB (515,568 bytes)

Product version:
0,4,0,678

Copyright:
(c)2011 b1.org All rights reserved.

File type:
Dynamic link library (Win64 DLL)

Language:
Language Neutral

Common path:
C:\Program Files\b1 free archiver\b1shellext64.dll

Digital Signature
Authority:
COMODO CA Limited

Valid from:
1/18/2012 1:00:00 AM

Valid to:
1/18/2013 12:59:59 AM

Subject:
CN=IT Management Group LTD, O=IT Management Group LTD, STREET=135 Arch. Makarios III Avenue, STREET=Emelle Building 4th floor, L=Limassol, S=Limassol, PostalCode=3021, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
009F750087DD24E5BFA7394C0A178EEAD8

Registration
CLSID:
{76CF52AF-2B2D-4999-8CE8-495187BB11CD}

ProgID:
B1WinExt.B1ShlExt.1

COM registered:
Yes

File PE Metadata
Compilation timestamp:
3/29/2012 3:36:37 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:xgY98Eea4Vc3nDKym2dQSNjJcSbgF3Q/p+NCLMOcFqXlRasQ9S0O:H98E3F

Entry address:
0xE36C

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, 8B, 5E, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, AB, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 8B, C1, 48, F7, D9, 48, A9, 07, 00, 00, 00, 74, 0F, 66, 90, 8A, 10, 48, FF, C0, 84, D2, 74, 5F, A8, 07, 75, F3, 49, B8, FF, FE, FE, FE, FE, FE, FE, 7E, 49, BB, 00, 01, 01...

Entropy:
5.5658

Code size:
97.5 KB (99,840 bytes)

Context Menu Handler
Display name:
B1ShellEx

CLSID:
{76CF52AF-2B2D-4999-8CE8-495187BB11CD}

CLSID name:
B1ShlExt Class

Remove b1shellext64.dll - Powered by Reason Core Security