home

bmrcalculatorsetup_ch.exe

NCIS Technologies Ltd.

The application bmrcalculatorsetup_ch.exe by NCIS Technologies has been detected as a potentially unwanted program by 21 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. Part of RelevantKnowledge, a program typically installed via a software bundle (with the user's knowledge should they read the EULA) and will run in the background collecting and monitoring information about the user's behavior in order to build an extensive profile.
Publisher:
NCIS Technologies Ltd.  (signed and verified)

MD5:
d15239771ff84d0e40687698fe1fe816

SHA-1:
78a5ec5700b71bfb93a2549b30a1e2781026771e

SHA-256:
6225dec10637ce3faebc781ede885561dd8318783f4070c2fed54ed47584195f

Scanner detections:
21 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 5:36:51 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Dropped:Adware.Relevant.CA
6198839

Agnitum Outpost
Adware.MarketScore
7.1.1

Avira AntiVirus
ADSPY/NaviPromo.J
7.11.196.226

avast!
Relevant-S [PUP]
141214-1

AVG
Potentially harmful program RelevantKnowledge
2014.0.4235

Bitdefender
Dropped:Adware.Relevant.CA
1.0.20.1765

Clam AntiVirus
W32S.Adware.RelevantKnowledge-2
0.98/19807

Comodo Security
ApplicUnwnt.Win32.AdWare.RK.~E
20419

Dr.Web
Threat.Undefined
9.0.1.05190

Emsisoft Anti-Malware
Dropped:Adware.Relevant.CA
9.0.0.4668

ESET NOD32
multiple threats
7.0.302.0

F-Secure
Dropped:Adware.Relevant.CA
11.2014-19-12_6

G Data
Dropped:Adware.Relevant.CA
14.12.24

Malwarebytes
PUP.Optional.RelevantKnowledge
v2014.12.19.05

MicroWorld eScan
Dropped:Adware.Relevant.CA
15.0.0.1059

NANO AntiVirus
Trojan.Win32.Relevant.crgfum
0.28.6.64267

Norman
Dropped:Adware.Relevant.CA
04.12.2014 14:30:06

nProtect
Dropped:Adware.Relevant.CA
14.12.19.01

Sophos
PUA 'RelevantKnowledge' (of type Adware)
5.09

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.3

VIPRE Antivirus
Threat.4753064
35418

File size:
658.8 KB (674,560 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\bmrcalculatorsetup_ch.exe

Digital Signature
Signed by:
NCIS Technologies Ltd.

Authority:
VeriSign, Inc.

Valid from:
12/17/2012 6:00:00 PM

Valid to:
12/18/2013 5:59:59 PM

Subject:
CN=NCIS Technologies Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=NCIS Technologies Ltd., L=New York, S=New York, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
585C0AB9FDA6AAF250B85A01CC89A67D

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:P4rvjAtn7Gup+lMdE/GlB++60eFrggMlwcdr0zAUw6Jv7v:P4rr8nycdE+K+YNObdz+v7v

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9670

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

Remove bmrcalculatorsetup_ch.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.