beamrise.exe

Beamrise

SIEN S.A.

This is the SIEN AppScion Installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application beamrise.exe by SIEN S.A. has been detected as a potentially unwanted program by 3 anti-malware scanners. The program is a setup application that uses the SIEN SuperInstall installer. It is set to start automatically when a user logs into Windows via the current-user Run registry key, under the display name ‘Beamrise’.
Publisher:
The Beamrise Authors (signed by SIEN S.A.)

Product:
Beamrise

Version:
32.3.1700.77

MD5:
35a80f6b8d0a093af3915695cfc6aa3d

SHA-1:
fb9868bd811de892cc822e8e89b8043a7466c6b5

SHA-256:
ef3cf83003d5bf8b1a74f2a732945a5c433c0931214cdad8bdeed3c2428c3356

Scanner detections:
3 / 68

Status:
Potentially unwanted

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open-source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/20/2017 8:13:32 AM UTC

Scan engine          Detection                      Engine version
Bkav FE              W32.HfsAdware                  1.3.0.7237
Dr.Web               Adware.Iminent.87              9.0.1.0293
Reason Heuristics    PUP.Sien.SIENSA.Bundler (M)    15.10.20.14

File size:
1.5 MB (1,561,176 bytes)

Product version:
32.3.1700.77

Copyright:
Copyright 2013 The Beamrise Authors. All rights reserved.

Original file name:
chrome.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
SIEN SuperInstall

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\beamrise\application\beamrise.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
6/15/2015 9:50:10 AM

Valid to:
6/15/2016 9:50:10 AM

Subject:
CN=SIEN S.A., O=SIEN S.A., L=Paris, C=FR

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121D1DF1CB73206967A3311ED8724668997

File PE Metadata
Compilation timestamp:
9/15/2015 8:21:03 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:l17ettlAfpBYtQSp2FQId9ZDHCxNlbLua3p:X7WGRcQLFQ09ZDCp

Entry address:
0x53333

Entry point:
E8, 69, BA, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 56, 8B, 35, E4, 22, 47, 00, 57, FF, 35, 34, 55, 4A, 00, FF, D6, FF, 35, 30, 55, 4A, 00, 8B, D8, 89, 5D, FC, FF, D6, 8B, F0, 3B, F3, 0F, 82, 81, 00, 00, 00, 8B, FE, 2B, FB, 8D, 47, 04, 83, F8, 04, 72, 75, 53, E8, BF, BA, 00, 00, 8B, D8, 8D, 47, 04, 59, 3B, D8, 73, 48, B8, 00, 08, 00, 00, 3B, D8, 73, 02, 8B, C3, 03, C3, 3B, C3, 72, 0F, 50, FF, 75, FC, E8, F1, 4B, 00, 00, 59, 59, 85, C0, 75, 16, 8D, 43, 10, 3B, C3, 72, 3E, 50, FF, 75, FC, E8...

Code size:
450.5 KB (461,312 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Beamrise

Command:
"C:\users\{user}\appdata\local\beamrise\application\beamrise.exe" --no-startup-window --auto-launch-at-startup --profile-directory="default"

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-50-18-189-42.us-west-1.compute.amazonaws.com  (50.18.189.42:80)

TCP (HTTP):
Connects to server-54-192-139-66.lax1.r.cloudfront.net  (54.192.139.66:80)

TCP (HTTP SSL):
Connects to ir1.fp.vip.bf1.yahoo.com  (98.139.180.149:443)

TCP (HTTP SSL):
Connects to ir2.fp.vip.bf1.yahoo.com  (98.139.183.24:443)

TCP (HTTP):
Connects to server-54-192-139-117.lax1.r.cloudfront.net  (54.192.139.117:80)

TCP (HTTP SSL):
Connects to ir2.fp.vip.sg3.yahoo.com  (106.10.138.240:443)

TCP (HTTP SSL):
Connects to ec2-23-23-112-220.compute-1.amazonaws.com  (23.23.112.220:443)

TCP (HTTP):
Connects to media-router-rc1.prod.media.vip.sg3.yahoo.com  (106.10.160.45:80)

TCP (HTTP SSL):
Connects to cache.google.com  (201.16.59.42:443)

TCP (HTTP):
Connects to 74.113.237.189.lv.iaccap.com  (74.113.237.189:80)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-02-gru2.fbcdn.net  (157.240.12.16:443)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-gru2.fbcdn.net  (31.13.85.4:443)

TCP (HTTP SSL):
Connects to edge-video-shv-02-gru2.fbcdn.net  (157.240.12.14:443)

TCP (HTTP SSL):
Connects to edge-star-shv-01-gru2.facebook.com  (31.13.85.8:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-gru2.facebook.com  (31.13.85.36:443)

Remove beamrise.exe - Powered by Reason Core Security