bavwjhp.exe

Feven 1.7

Brightcircle Investments Limited

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application bavwjhp.exe, “Feven 1.7 Installer” by Brightcircle Investments Limited has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Nullsoft Install System installer. It is also typically executed from the user's temporary directory. It is distributed as part of the Brightcircle group of browser-extensions.
Publisher:
Feven  (signed by Brightcircle Investments Limited)

Product:
Feven 1.7

Description:
Feven 1.7 Installer

Version:
1.28.153.1

MD5:
6631d1f74b510851189ab8486571f1bc

SHA-1:
40e97a17ef1e95f47f45521ded8c92fbea4120c3

SHA-256:
5f30c932e18d7186df3c6dee8ba4067fc367299776214bda8820649246a91579

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
6/2/2020 12:35:53 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Brightcircle (M)
16.11.3.10

File size:
5.1 MB (5,384,456 bytes)

Copyright:
Copyright Feven

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\bavwjhp.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
3/8/2013 8:33:54 AM

Valid to:
3/8/2016 8:33:54 AM

Subject:
CN=Brightcircle Investments Limited, O=Brightcircle Investments Limited, L=Nicosia, S=Strovolos, C=CY

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
047F36483DC84C

File PE Metadata
Compilation timestamp:
2/19/2012 10:01:49 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
98304:fbkhM0f+W41huJSL6F4mDJ5OJHEoXXiR+MSSlqKC7t0MUtwXsxrSvJQwgWr4CGXi:fb4M02W41hzeemF0ZEIyR0SlqKCZStwT

Entry address:
0x4327

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 93, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 94, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 94, 42, 00, 56, A3, 40, 7B, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 7B, 42, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, 94, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 
[+]

Entropy:
7.9983  (probably packed)

Code size:
34.5 KB (35,328 bytes)

Remove bavwjhp.exe - Powered by Reason Core Security