bate_ph_calculator_en.exe
Webcellence Ltd.
The application bate_ph_calculator_en.exe by Webcellence has been detected as adware by 9 anti-malware scanners. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from safe.to.download.downloadastro.com.
File name:
bate_ph_calculator_en.exe
MD5:
45f2c238c8caa0596fdd51ca3360a21e
SHA-1:
2c7fc5009a3b1df6885d2f4f8e9cde8c99b67721
SHA-256:
dc13d4b8652a0936bb5a4b0486a29193f39b810e525280c702451ecb5c8955d7
Scanner detections:
9 / 68
Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.
Analysis date:
4/23/2024 8:26:00 PM UTC (today)
Scan engine
Detection
Engine version
Dr.Web
Adware.InstallCore.122
9.0.1.0207
ESET NOD32
Win32/InstallCore.BL
7.8621
F-Prot
W32/InstallCore.R.gen
v6.4.7.1.166
K7 AntiVirus
Unwanted-Program
13.170.9117
Malwarebytes
v2013.07.26.10
McAfee
Artemis!45F2C238C8CA
5600.7270
Reason Heuristics
PUP.Webcellence.V
14.8.7.20
Trend Micro House Call
TROJ_GEN.F47V0725
7.2.207
VIPRE Antivirus
InstallCore.b
19958
File size:
648.1 KB (663,680 bytes)
File type:
Executable application (Win32 EXE)
Common path:
C:\users\{user}\downloads\bate_ph_calculator_en.exe
Valid from:
3/4/2013 4:00:00 PM
Valid to:
5/4/2014 4:59:59 PM
Subject:
CN=Webcellence Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Webcellence Ltd., L=Moshav Ora, S=Israel, C=IL
Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Serial number:
2742F1242826FB7F69B052B7F394DFED
Compilation timestamp:
6/19/1992 3:22:17 PM
Code size:
36 KB (36,864 bytes)
The file bate_ph_calculator_en.exe has been seen being distributed by the following URL.