b5t_cl15207.exe

帮5淘购物助手

载信软件(上海)有限公司

The application b5t_cl15207.exe by 载信软件(上海)有限公司 has been detected as a potentially unwanted program by 6 anti-malware scanners. It is a setup program used to install the application. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities and other PUPs. The file has been seen being downloaded from 183.91.33.11 and multiple other hosts.
Publisher:
载信软件(上海)有限公司  (signed and verified)

Product:
帮5淘购物助手

Version:
6, 0, 5, 2

MD5:
692ad3165f436769993fe13e8e1fdc2e

SHA-1:
1d102aa5e48160526e562392cd41c23a4b607677

SHA-256:
7450c2d3d24ff1dcb3804842936d110625e8ffc61ee2e52cae13b6fb272a95f7

Scanner detections:
6 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
8/3/2025 9:02:35 PM UTC

Scan engine | Detection | Engine version
Baidu Antivirus | PUA.Win32.Bang5mai | 4.0.3.1582
Bkav FE | W32.HfsAdware | 1.3.0.6979
Dr.Web | Trojan.OutBrowse.1011 | 9.0.1.0214
ESET NOD32 | Win32/Bang5mai.C potentially unwanted (variant) | 9.12003
IKARUS anti.virus | PUA.Bang5mai | t3scan.1.9.5.0
NANO AntiVirus | Trojan.Win32.Staser.dtlehu | 0.30.24.2668

File size:
3.9 MB (4,050,256 bytes)

Product version:
6, 0, 5, 2

Copyright:
Copyright (C) 2015 B5MSoft

Original file name:
B5TSetup.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\b5t_cl15207.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
5/12/2014 8:00:00 AM

Valid to:
8/12/2015 7:59:59 AM

Subject:
CN=载信软件(上海)有限公司, OU=IT部, O=载信软件(上海)有限公司, L=上海, S=上海, C=CN

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
07CF6481D29DBD6746863A658408AE1C

File PE Metadata
Compilation timestamp:
12/31/2012 8:38:51 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
98304:16ghJe/Id6Z8/BeuCATgfPbhG/Y0TX8defG8YyoxTAgIfqK7NTc7u:AqJWId6MBehATOd0TX8deq9FAFL7Nt

Entry address:
0x276F0

Entry point:
60, BE, 00, 90, 41, 00, 8D, BE, 00, 80, FE, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 7F, 5E, 02, 00, 57, 83, C3, 04, 53, 68, E0, E6, 00, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 

Entropy:
7.9995  (probably packed)

Code size:
64 KB (65,536 bytes)

The file b5t_cl15207.exe has been seen being distributed by the following 2 URLs.

http://183.91.33.11/cache/dl.b5m.cn/.../b5t_cl15218.exe
