» b5t_s15116.exe
Overview
Analysis
File Details

b5t_s15116.exe

帮5淘购物助手

载信软件（上海）有限公司

The application b5t_s15116.exe by 载信软件（上海）有限公司 has been detected as a potentially unwanted program by 18 anti-malware scanners.

File name:

b5t_s15116.exe

Publisher:

载信软件（上海）有限公司 (signed and verified)

Product:

帮5淘购物助手

Version:

6, 0, 1, 0

MD5:

1b557a3983d15e3b28bfef1bd8bb7cdf

SHA-1:

7453a3ff7b23b7451e1a1e97a5d8d7c38f3b1f5f

SHA-256:

acc12793788973da2b1f1a97dbe454110036ca82eaf7b45148a557d6cd286908

Scanner detections:

18 / 68

Status:

Potentially unwanted

Analysis date:

6/18/2025 10:08:44 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.GenericKD.4200949

-15

Avira AntiVirus

TR/Bang5mai.3801264

8.3.3.4

Arcabit

Trojan.Generic.D4019F5

1.0.0.795

Bitdefender

Trojan.GenericKD.4200949

1.0.20.250

Comodo Security

UnclassifiedMalware

26532

Emsisoft Anti-Malware

Trojan.GenericKD.4200949

8.17.02.19.06

ESET NOD32

Win32/Adware.Hai33

11.14869

F-Secure

Trojan.GenericKD.4200949

11.2017-19-02_1

G Data

Trojan.GenericKD.4200949

17.2.25

K7 AntiVirus

Unwanted-Program

13.2422293

Malwarebytes

PUP.Optional.Bang5Mai

v2017.02.19.06

McAfee

Artemis!1B557A3983D1

5600.6119

MicroWorld eScan

Trojan.GenericKD.4200949

18.0.0.150

Rising Antivirus

PUF.Hijacker-B5T!1.A1C0-UfPkRu9YY9M (cloud)

23.00.65.17217

Sophos

Generic PUA HE (PUA)

4.98

Vba32 AntiVirus

AdWare.Bang5mai

3.12.26.4

ViRobot

Adware.Bang5Mai.3801264[h]

2014.3.20.0

Zillya! Antivirus

Worm.RunonceCRTD.Win32.4440

2.0.0.3192

File size:

3.6 MB (3,801,264 bytes)

Product version:

6, 0, 1, 0

Original file name:

B5TSetup.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\b5t_s15116.exe

Digital Signature

Signed by:

载信软件（上海）有限公司

Authority:

Thawte, Inc.

Valid from:

5/12/2014 8:00:00 AM

Valid to:

8/12/2015 7:59:59 AM

Subject:

CN=载信软件（上海）有限公司, OU=IT部, O=载信软件（上海）有限公司, L=上海, S=上海, C=CN

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

07CF6481D29DBD6746863A658408AE1C

File PE Metadata

Compilation timestamp:

12/31/2012 8:38:51 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

Entry address:

0x276F0

Entry point:

60, BE, 00, 90, 41, 00, 8D, BE, 00, 80, FE, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 7F, 5E, 02, 00, 57, 83, C3, 04, 53, 68, E0, E6, 00, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A... 
[+]

Entropy:

7.9994 (probably packed)

Code size:

64 KB (65,536 bytes)

Remove b5t_s15116.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.