» b4fm.dll
Overview
Analysis
File Details
Behaviors (1)

b4fm.dll

Sakysoft s.r.l.

The module b4fm.dll, “Burn4Free DVD Burning Software right context menu” by Sakysoft s.r.l has been detected as a potentially unwanted program by 4 anti-malware scanners. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.

File name:

b4fm.dll

Publisher:

Sakysoft s.r.l. (signed and verified)

Product:

b4fm.dll

Description:

Burn4Free DVD Burning Software right context menu

Version:

7.0.0.0

MD5:

ff7c743ea910952681b4094331059af4

SHA-1:

4b8096f484d0ebbd0d66e1a1efa2cb9739e73b31

SHA-256:

27616c9abc5d1380ba2731a7081aa7cf945fca8337d147a55e9ebae2ce0be7ba

Scanner detections:

4 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:

4/26/2024 9:14:24 AM UTC (today)

Scan engine

Detection

Engine version

AVG

Sakyso

2016.0.2948

Baidu Antivirus

Adware.Win32.InstallCore

4.0.3.151022

Bkav FE

W32.HfsAdware

1.3.0.7237

Reason Heuristics

Win32.Generic.Sakysoftsrl.Meta

15.10.22.18

File size:

550.8 KB (564,064 bytes)

Product version:

7.0.0.0

Sakysoft s.r.l. 2013-2014

Trademarks:

Sakysoft s.r.l. 2013-2014

Original file name:

b4fm.dll

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\Program Files\burn4free dvd burning software\b4fm.dll

Digital Signature

Signed by:

Sakysoft s.r.l.

Authority:

COMODO CA Limited

Valid from:

3/3/2014 6:00:00 PM

Valid to:

3/3/2016 5:59:59 PM

Subject:

CN=Sakysoft s.r.l., O=Sakysoft s.r.l., STREET=Via Gorghi 6, L=Udine, S=UD, PostalCode=33100, C=IT

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00ECE0C7777AC73E48E3B63042EDCAEEB6

File PE Metadata

Compilation timestamp:

6/19/1992 5:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:1gesxtyLHHjHQHq9lniOgJzL7eS7nBYe7Vl81P:1jsxsjwHNJ7HL7fkP

Entry address:

0x72B10

Entry point:

55, 8B, EC, 83, C4, C4, B8, 58, 28, 47, 00, E8, 58, 3D, F9, FF, E8, 8F, 19, F9, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.5875

Developed / compiled with:

Microsoft Visual C++

Code size:

455 KB (465,920 bytes)

Approved Shell Extension

Name:

ShellPlusContextMenu

CLSID:

{1C311AAA-D8B1-4A0A-BEE5-2387FEC583DA}

CLSID name:

Burn4Freecontext menu

Remove b4fm.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.