beeiifgbea.exe

Great ApPs TlD

Part of the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application beeiifgbea.exe by Great ApPs TlD has been detected as adware by 11 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup. It is also typically executed from the user's temporary directory.

Publisher:
Great ApPs TlD (signed and verified)

MD5:
12ba146efcde822503c2aa98e1fcacac

SHA-1:
9b4f0cd67211655881e804216ccc73cdcdf8528a

SHA-256:
4741708405234604468be91d28e86f1b6a3af4e89668586ad1f7432b77a318d2

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
4/25/2024 10:03:38 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | PUA/Outbrowse.Gen | 8.3.2.4
avast! | Win32:Adware-gen [Adw] | 2014.9-151201
AVG | Downloader | 2016.0.2909
Baidu Antivirus | Adware.Win32.OutBrowse | 4.0.3.15121
ESET NOD32 | Win32/OutBrowse.CL potentially unwanted (variant) | 9.12645
K7 AntiVirus | Unwanted-Program | 13.212.17999
Kaspersky | not-a-virus:HEUR:AdWare.Win32.OutBrowse | 14.0.0.1039
Malwarebytes | PUP.Optional.OutBrowse | v2015.12.01.06
McAfee | Artemis!12BA146EFCDE | 5600.6565
Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1077
Reason Heuristics | PUP.Outbrowse.GreatApPsTlD (M) | 15.12.1.6

File size:
538 KB (550,952 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\beeiifgbea.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
11/15/2015 7:00:00 PM

Valid to:
1/27/2016 6:59:59 PM

Subject:
CN=Great ApPs TlD, O=Great ApPs TlD, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
34C5B23CD2013AF3CA72DE685663EBDB

File PE Metadata
Compilation timestamp:
11/29/2015 11:01:01 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:P/HeIuvYRE8t6vh/Bfj4Rx8C9mfS/SKV83PnNTb:P2IuvYREffkRx8OSyQPFb

Entry address:
0x48E98

Entry point:
E8, 5B, B6, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 57, C6, 45, FF, 00, 8B, 7B, 08, 8D, 73, 10, 33, 3D, C0, E2, 47, 00, C7, 45, F4, 01, 00, 00, 00, 8B, 07, 83, F8, FE, 74, 0D, 8B, 4F, 04, 03, CE, 33, 0C, 30, E8, 86, AF, FF, FF, 8B, 47, 08, 8B, 4F, 0C, 03, CE, 33, 0C, 30, E8, 76, AF, FF, FF, 8B, 45, 08, F6, 40, 04, 66, 0F, 85, CF, 00, 00, 00, 89, 45, E8, 8B, 45, 10, 89, 45, EC, 8D, 45, E8, 89, 43, FC, 8B, 43, 0C, 89, 45...

Entropy:
6.3986

Code size:
409 KB (418,816 bytes)
