bnd_ar_v9.exe

Beijing ELEX Technology Co.,Ltd

The application bnd_ar_v9.exe by Beijing ELEX Technology Co.,Ltd has been detected as a potentially unwanted program by 2 anti-malware scanners. It is also typically executed from the user's temporary directory.
Publisher:
Beijing ELEX Technology Co.,Ltd  (signed and verified)

Version:
2.0.2.2666

MD5:
2187692e6fa14034dea9d9e9cfc800b7

SHA-1:
474d13c266341253f6f9b8005eb5f42991b251c5

SHA-256:
037fc6958b82e441e4eafb09fad48ac0f1684c41992cfba902c9907fcb2e26b9

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
4/27/2024 1:59:06 AM UTC

Scan engine | Detection | Engine version
ESET NOD32 | Win32/ELEX (variant) | 7.8908
Reason Heuristics | PUP.BeijingELEXTechnologyCoLtd.J | 14.7.10.2

File size:
515.6 KB (528,016 bytes)

Product version:
2.0.2.2666

Copyright:
Copyright (C) 2013

Original file name:
iXB.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\bnd_ar_v9.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
7/26/2013 8:54:20 AM

Valid to:
7/27/2014 8:54:20 AM

Subject:
CN="Beijing ELEX Technology Co.,Ltd", O="Beijing ELEX Technology Co.,Ltd", L=Beijing, S=Beijing, C=CN

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112131F67BDEA1D6D12E11D656C8BE509ECE

File PE Metadata
Compilation timestamp:
10/10/2013 10:08:40 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:kIGQUsbgDXkMIpVHqhwxMAW6MGN7FnH25ukg:kI6BXkM6qh8HNkRg

Entry address:
0x1000

Entry point:
68, 01, 90, 4C, 00, E8, 01, 00, 00, 00, C3, C3, F7, B8, 1A, B8, B4, 35, D8, 90, D4, E7, C8, BB, 1C, 61, E8, 20, EC, 3A, 4A, EF, CC, 93, 63, 96, A6, 86, 29, 8A, A7, DF, CC, D4, 3D, 17, BD, C6, 5D, C4, E7, 68, 7E, 8A, 2B, 61, 7A, 68, 1D, 02, 9F, 42, 22, 98, 7B, 00, 28, 6E, 36, 3D, 3E, 5D, D6, 53, 10, D8, E8, 28, 2E, 88, 8D, F9, 65, 86, E1, 65, 8A, F9, 55, D8, 5E, 04, 72, 82, A1, 47, FB, 69, 89, 9F, 70, 3D, 40, 5B, 8B, E3, 07, A3, 45, FC, 89, AB, 91, 40, 59, 19, B4, AB, 30, 0E, DC, 70, 54, 22, 9B, 31, 91, 77...
 

Entropy:
7.9619

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
508.5 KB (520,704 bytes)
