bprotect.exe

Setup

SIEN S.A.

This is the SIEN AppScion Installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may install them with minimal consent. The application bprotect.exe by SIEN S.A. has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the SIEN SuperInstall installer. It is also typically executed from an Internet Explorer cache folder.
Publisher:
IM  (signed by SIEN S.A.)

Product:
Setup

Description:
IMSetup

Version:
1.35.4.1

MD5:
04545fb8c72cf3f408c82ed7907226d4

SHA-1:
70d124c5ee6165902f6c44502bb482df126c3f24

SHA-256:
77ce4e95510c58e1fcd84b4280ded194732d906234940bafc3dc18f420118c80

Scanner detections:
2 / 68

Status:
Potentially unwanted

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/26/2024 10:10:48 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Reason Heuristics | PUP.Installer.SIENSA.I | 14.8.28.23 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3 |

File size:
633.5 KB (648,672 bytes)

Product version:
1.35.4.1

Copyright:
(c) IM. All rights reserved.

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
SIEN SuperInstall

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\bprotect.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
5/12/2014 11:20:39 AM

Valid to:
5/13/2015 11:20:39 AM

Subject:
E=support@sien.com, CN=SIEN S.A., O=SIEN S.A., L=Paris, C=FR

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121D12A06D1B366EFC0AF40F74B7D6BFEFE

File PE Metadata
Compilation timestamp:
8/28/2014 11:25:37 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:PrUaV2wN4wzXplDu5/ON/wsEUUcEA+gPlT1vPD3LQS036hjG/6jAIniu4QA:g3wNHzXplDu5OY63iu4Q

Entry address:
0x13647

Entry point:
E8, 45, 7A, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 45, 08, 56, 8B, F1, 83, 66, 04, 00, C7, 06, 4C, 73, 42, 00, C6, 46, 08, 00, FF, 30, E8, A8, 00, 00, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 8B, 45, 08, C7, 01, 4C, 73, 42, 00, 8B, 00, 89, 41, 04, C6, 41, 08, 00, 8B, C1, 5D, C2, 08, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, 83, 66, 04, 00, C7, 06, 4C, 73, 42, 00, C6, 46, 08, 00, E8, 12, 00, 00, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, 4C, 73, 42, 00, E9, 96, 00, 00, 00, 55, 8B, EC, 56, 57, 8B, 7D, 08...
 

Entropy:
6.0060

Code size:
144.5 KB (147,968 bytes)
