bf.dll

tf

The module bf.dll has been detected as a potentially unwanted program by 9 anti-malware scanners. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities, and other PUPs.
Publisher:
tf

Product:
tf

Version:
5.3.2.3

MD5:
24f53bd08d9939c43f45a051398d607a

SHA-1:
8399388cc17d0ad50922afd750c68e6562663b86

SHA-256:
c78cd46ba428391bcfe6ebfc2300f00e94d3dd69b4e8097553f815959f33af62

Scanner detections:
9 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
4/19/2024 9:14:57 AM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | PUA.OutBrowse | 7.1.1
Avira AntiVirus | APPL/Downloader.Gen | 7.11.169.160
Baidu Antivirus | PUA.Win32.OutBrowse | 4.0.3.14929
ESET NOD32 | Win32/OutBrowse.AM | 8.10326
Malwarebytes | PUP.Optional.Downloader | v2014.08.29.05
McAfee | Artemis!6A907E1E327A | 5600.6992
NANO AntiVirus | Trojan.Win32.OutBrowse.deinil | 0.28.2.61942
Reason Heuristics | Threat.Win.Reputation.IMP | 14.9.29.17
Trend Micro House Call | Suspicious_GEN.F47V0826 | 7.2.272

File size:
114 KB (116,736 bytes)

Product version:
5.3.2.3

Copyright:
Copyright convert (C) 2014

Original file name:
bf.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\bf.dll

File PE Metadata
Compilation timestamp:
8/27/2014 10:33:21 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
1536:s6RNT5VHCk8jRUm6ZnDeRXlhtXcriSJKuNss4Snz3b7mJi4LuWxniO:sAl4zjRU9hYVki+8kz3/mJi4hxniO

Entry address:
0x5B45

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, AA, 33, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 6A, 0C, 68, 28, 8C, 01, 10, E8, 2C, 30, 00, 00, 33, FF, 89, 7D, E4, 33, C0, 8B, 75, 0C, 3B, F7, 0F, 95, C0, 3B, C7, 75, 18, E8, 74, 37, 00, 00, C7, 00, 16, 00, 00, 00, E8, 17, 37, 00, 00, 83, C8, FF, E9, B4, 00, 00, 00, 56, E8, DB, 01, 00, 00, 59, 89, 7D, FC, F6, 46, 0C, 40, 75, 6F, 56, E8, 49, 35, 00, 00, 59, 83, F8, FF, 74, 1B, 83, F8, FE, 74, 16, 8B, D0, C1, FA, 05...

Code size:
78 KB (79,872 bytes)
