bm_installer.exe

The executable bm_installer.exe has been detected as malware by 41 anti-virus scanners. This is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. This is the uninstaller utility registered in the Windows Control Panel for the program Uniblue RegistryBooster by Uniblue Systems Ltd. The file is most likely infected with the Neshta virus, a Russian virus that gathers system information and sends it to a remote command and control server.
MD5:
cb6a8d7264578daf1beb5cb64e1cfaed

SHA-1:
c80f51fa5fb7cc0db22e21b2cfba15dfc51b56c0

SHA-256:
971e01b586d41e628afa01adc82c4aabe825ee14d04a851513aa3a318e503a5f

Scanner detections:
41 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/30/2024 12:48:25 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Win32.Neshta.A | 6387489 |
| Agnitum Outpost | Win32.Neshta.A | 7.1.1 |
| AhnLab V3 Security | Win32/Neshta | 2013.08.22 |
| Avira AntiVirus | W32/Delf.I | 7.11.30.172 |
| avast! | Win32:Apanas [Trj] | 150102-1 |
| AVG | Worm/Delf.FF | 2014.0.4253 |
| Baidu Antivirus | Virus.Win32.Neshta.$a | 4.0.3.1516 |
| Bitdefender | Win32.Neshta.A | 1.0.20.30 |
| Bkav FE | W32.HanGu.PE | 1.3.0.4959 |
| Clam AntiVirus | W32.Neshuta.A | 0.98/19885 |
| Comodo Security | Win32.Neshta.A | 16801 |
| Dr.Web | Win32.HLLP.Neshta | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Neshta | 9.0.0.4799 |
| ESET NOD32 | Win32/Neshta.A virus | 7.0.302.0 |
| Fortinet FortiGate | W32/Neshta.A | 1/6/2015 |
| F-Prot | W32/HLLP.41472 | 4.6.5.141 |
| F-Secure | Win32.Neshta.A | 5.13.68 |
| G Data | Win32.Neshta | 15.1.22 |
| IKARUS anti.virus | Virus.Win32.Neshta | t3scan.2.0.127 |
| K7 AntiVirus | Virus | 13.170.9337 |
| Kaspersky | Virus.Win32.Neshta | 15.0.0.543 |
| Malwarebytes | Trojan.Agent | v2015.01.06.06 |
| McAfee | W32/HLLP.41472.e | 5600.6894 |
| Microsoft Security Essentials | | 1.163.1557.0 |
| MicroWorld eScan | Win32.Neshta.A | 16.0.0.18 |
| NANO AntiVirus | Virus.Win32.Neshta.cdby | 0.26.0.53954 |
| Norman | Win32.Neshta.A | 03.12.2014 13:20:04 |
| nProtect | Virus/W32.Neshta | 13.08.21.03 |
| Panda Antivirus | W32/Neshta.A | 15.01.06.06 |
| Qihoo 360 Security | Virus.Win32.Neshta.B | 1.0.0.1015 |
| Quick Heal | W32.Neshta.A | 1.15.12.00 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.1.6.5 |
| Rising Antivirus | Win32.Netsha.a | 23.00.65.15104 |
| Sophos | Virus 'W32/Bloat-A' | 5.09 |
| Total Defense | Win32/Neshta.A | 37.0.10498 |
| Trend Micro House Call | PE_NESHTA.A | 7.2.6 |
| Trend Micro | PE_NESHTA.A | 10.465.06 |
| Vba32 AntiVirus | Virus.Win32.Neshta.a | 3.12.22.3 |
| VIPRE Antivirus | Virus.Win32.Neshta.a | 20730 |
| ViRobot | Win32.Neshta.B | 2011.4.7.4223 |
| Zillya! Antivirus | Virus.Neshta.Win32.1 | 2.0.0.2026 |

File size:
3.2 MB (3,324,824 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\{83c3b2fd-37ea-4c06-a228-e9b5e32ff0b1}\bm_installer.exe

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:FBTyWgZInlAmpqmAJjaEhcE30H2PntwJY:FB9uInumwhtkHwyY

Entry address:
0x80E4

Entry point:
55, 8B, EC, 83, C4, E0, 33, C0, 89, 45, E0, 89, 45, E8, 89, 45, E4, 89, 45, EC, B8, 54, 80, 40, 00, E8, 12, BE, FF, FF, 33, C0, 55, 68, 20, 82, 40, 00, 64, FF, 30, 64, 89, 20, B8, A8, 91, 40, 00, B9, 0B, 00, 00, 00, BA, 0B, 00, 00, 00, E8, 5C, EF, FF, FF, B8, B4, 91, 40, 00, B9, 09, 00, 00, 00, BA, 09, 00, 00, 00, E8, 48, EF, FF, FF, B8, C0, 91, 40, 00, B9, 03, 00, 00, 00, BA, 03, 00, 00, 00, E8, 34, EF, FF, FF, B8, DC, 91, 40, 00, B9, 03, 00, 00, 00, BA, 03, 00, 00, 00, E8, 20, EF, FF, FF, A1, 10, 92, 40...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
29 KB (29,696 bytes)

Program Uninstaller
Program name:
Uniblue RegistryBooster

Display publisher:
Uniblue Systems Ltd

Display version:
6.0.10.7

Uninstall string:
"C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe" REMOVE=TRUE MODIFY=FALSE

