bflixinstaller.exe

BflixInstaller

WEB PICK - INTERNET HOLDINGS LTD

This is a WebPick installer that bundles (with very minimal user consent) a number of adware browser extensions using the JustPlug.it browser framework. The application bflixinstaller.exe by WEB PICK - INTERNET HOLDINGS has been detected as adware by 5 anti-malware scanners. The program is a setup application that uses the WebPick InstalleRex installer. The file has been seen being downloaded from download.premium.netdna-cdn.com. While running, it connects to the Internet address r1.stylezip.info on port 80 using the HTTP protocol.
Publisher:
Premium  (signed by WEB PICK - INTERNET HOLDINGS LTD)

Product:
BflixInstaller

Description:
Installer

Version:
2011.3.31.1546

MD5:
8754e633a2b902e5016c5e08dd9f8cb9

SHA-1:
3d9c2ff570a1464f2652ed02bb0a2dd141ee13ca

SHA-256:
463719f73ba9bb6b11229fffdc62a8640e26257c48841e9bcfed88a4e37f56d9

Scanner detections:
5 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/20/2024 2:06:08 AM UTC

Scan engine
Detection
Engine version

Avira AntiVirus
ADWARE/InstallRex.Gen
7.11.142.34

Bkav FE
HW32.CDB
1.3.0.4959

Comodo Security
Application.Win32.Bundledz.C
18074

Reason Heuristics
PUP.Installer.WEBPICKINTERNETHOLDINGS.O
14.8.8.1

Sophos
InstallRex
4.98

File size:
226.6 KB (232,080 bytes)

Product version:
1.0

Copyright:
Copyright © 2010 Premium

File type:
Executable application (Win32 EXE)

Bundler/Installer:
WebPick InstalleRex

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\bflixinstaller.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
3/22/2011 7:00:00 PM

Valid to:
3/22/2012 6:59:59 PM

Subject:
CN=WEB PICK - INTERNET HOLDINGS LTD, O=WEB PICK - INTERNET HOLDINGS LTD, L=Ramat Hasharon, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
5EAC6DE3D7E9F2DD8E3EDA0B72C306CA

File PE Metadata
Compilation timestamp:
3/22/2011 6:50:58 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:UexwNnbb+Z9aqGLY0RotW9Tb2xC7unwRv4PUKGppHQjaB:UeKNb6Z9aLE0RN/9OJGSQ

Entry address:
0x14AE

Entry point:
55, 8B, EC, 81, EC, 24, 0A, 00, 00, 53, 56, 33, F6, 57, 66, 89, B5, DC, F5, FF, FF, 89, 75, F4, 89, 75, FC, FF, 15, 68, 30, 40, 00, A3, 00, 40, 40, 00, FF, 15, 64, 30, 40, 00, 89, 45, F8, 68, 04, 01, 00, 00, 8D, 85, EC, FD, FF, FF, 50, 56, FF, 15, 60, 30, 40, 00, 85, C0, 75, 22, FF, 15, 5C, 30, 40, 00, 50, 68, B8, 33, 40, 00, E8, 77, FB, FF, FF, 59, 59, C7, 05, 04, 40, 40, 00, FF, 00, 00, 00, E9, F7, 01, 00, 00, 56, FF, 15, 58, 30, 40, 00, 8B, 48, 3C, 03, C8, 66, 81, 38, 4D, 5A, 0F, 85, BC, 01, 00, 00, 81...

Entropy:
7.9317

Developed / compiled with:
Microsoft Visual C++

Code size:
7.5 KB (7,680 bytes)

The file bflixinstaller.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to r1.stylezip.info  (54.186.255.26:80)

TCP (HTTP):
Connects to c1.stylezip.info  (54.186.255.26:80)

 
http://c1.stylezip.info/?step_id=1&installer_id=7941590&publisher_id=941&source_id=0&page_id=0&country_code=US&locale=US&browser_id=4&download_id=23824770&external_id=0&session_id=47649540&hardware_id=55591130&installer_file_name=bflixinstaller
