bbfcabfdhbd.exe

TIKI taka

Part of the OutBrowse RevenYou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application bbfcabfdhbd.exe by TIKI taka has been detected as adware by 8 anti-malware scanners. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities and other PUPs. It is also typically executed from the user's temporary directory.
Publisher:
TIKI taka (signed and verified)

Version:
2015.114.1039.22

MD5:
de6af74cb0c18dd2cfe1fb99af682e86

SHA-1:
1747fe36b9d12189f9fd760065f6bd75345e17e8

SHA-256:
8f0072bafa45dcc522f2ece1eee0942c4b8f36a95101a565307fe53f61373872

Scanner detections:
8 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
5/16/2024 2:07:33 PM UTC

Scan engine          Detection                                Engine version
AhnLab V3 Security   PUP/Win32.OutBrowse                      2015.01.15
Baidu Antivirus      Hacktool.NSIS.OutBrowse                  4.0.3.15116
Dr.Web               Trojan.KillFiles.21317                   9.0.1.016
ESET NOD32           Win32/OutBrowse.BA (variant)             9.11016
Kaspersky            not-a-virus:Downloader.NSIS.OutBrowse    14.0.0.2634
NANO AntiVirus       Trojan.Win32.KillFiles.dmewtl            0.30.0.64448
Qihoo 360 Security   Win32/Virus.Downloader.764               1.0.0.1015
Reason Heuristics    PUP.TIKItaka.L                           15.1.16.5

File size:
826.7 KB (846,520 bytes)

Product version:
2015.114.1039.22

Copyright:
Copyright (C) 2015

Original file name:
2015114103922.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\bbfcabfdhbd.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
1/12/2015 4:00:00 AM

Valid to:
12/18/2015 3:59:59 AM

Subject:
CN=TIKI taka, O=TIKI taka, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
096DE88E1C610C5C90C9DF6C3A43DF32

File PE Metadata
Compilation timestamp:
1/14/2015 2:47:02 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:IKWjU+sgthLlCgRtrATinbtS0Yz+38NF1u/NFXlORR:TWjU+sgthLlCYtcTinbU0Yi38N/u/NFs

Entry address:
0x84F25

Entry point:
E8, 20, AD, 00, 00, E9, 89, FE, FF, FF, CC, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 8B, 73, 08, 33, 35, 40, FA, 4B, 00, 57, 8B, 06, C6, 45, FF, 00, C7, 45, F4, 01, 00, 00, 00, 8D, 7B, 10, 83, F8, FE, 74, 0D, 8B, 4E, 04, 03, CF, 33, 0C, 38, E8, 4C, A4, FF, FF, 8B, 4E, 0C, 8B, 46, 08, 03, CF, 33, 0C, 38, E8, 3C, A4, FF, FF, 8B, 45, 08, F6, 40, 04, 66, 0F, 85, 19, 01, 00, 00, 8B, 4D, 10, 8D, 55, E8, 89, 53, FC, 8B, 5B, 0C, 89, 45, E8, 89, 4D, EC, 83, FB, FE, 74, 5F, 8D, 49, 00, 8D, 04, 5B, 8B, 4C...

Entropy:
6.6083

Code size:
634.5 KB (649,728 bytes)

Remove bbfcabfdhbd.exe - Powered by Reason Core Security