bavtest.exe

KumgaCompanyCA

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘BavTest’.
Publisher:
KumgaCompanyCA  (signed and verified)

MD5:
07414ec066a62e990b1477ef79779634

SHA-1:
5e59d8993e7d88090aa6e1a10e5f28fcf46ec364

SHA-256:
8407c866d53d7f21ffbfdda4f913255d8cda2b679dbe706b497aee98455029b5

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware free.

Analysis date:
4/20/2024 1:51:26 AM UTC

Scan engine | Detection | Engine version
Qihoo 360 Security | HEUR/QVM42.0.Malware.Gen | 1.0.0.1015
Rising Antivirus | PE:Trojan.Win32.StartPage.puj!1075334149 | 23.00.65.15304

File size:
70.6 KB (72,256 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\Program Files\baidu security\baidu antivirus\5.4.1.104404.0\bavadvtools\bavtest.exe

Digital Signature
Signed by:

Authority:
ComodoCA

Valid from:
8/14/2011 3:46:37 PM

Valid to:
1/1/2040 2:59:59 AM

Subject:
CN=KumgaCompanyCA

Issuer:
CN=ComodoCA

Serial number:
2E69C3CA2FA8AF804578E96B51D1BD10

File PE Metadata
Compilation timestamp:
12/6/2009 1:52:01 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:AZr0wirt3/aEecbsg4sXJN1OXaziZLnVxC5LGfjQubLO:AZrq3/rBsYXJNEXT5nPC6VLO

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 6F, 44, 00, E8, F1, 2B, 00, 00, A3, 84, 6E, 44, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, 9C, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 2E, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, F0, 46, 00, 50, 57, E8, 92, 28, 00, 00...
 
Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
BavTest

Command:
C:\Program Files\baidu security\baidu antivirus\5.4.1.104404.0\bavadvtools\bavtest.exe

