bs-demo.exe

BuzzSize

Buzz Tools, Inc.

The application bs-demo.exe, “Embroidery Software” by Buzz Tools has been detected as a potentially unwanted program by 3 anti-malware scanners. The program is a setup application that uses the Setup Factory installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from www.buzztools.com and multiple other hosts.
Publisher:
Buzz Tools, Inc.  (signed and verified)

Product:
BuzzSize

Description:
Embroidery Software

Version:
2.4.8.172

MD5:
47f946bbc9c2e5b9e310541d43b3d5a6

SHA-1:
8ec10cb65ba2a6ef5bec9dd402ef0a2c08f7cb43

SHA-256:
2d7bf85034880db4afed69fed1d9baac4c86e3d51c1830aa40bac655c2679903

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 5:02:11 AM UTC

Scan engine | Detection | Engine version
Dr.Web | Trojan.BhoSiggen.7762 | 9.0.1.01
ESET NOD32 | Detection.Undefined | 7.0.302.0
F-Secure | Riskware.Gen:Variant.Application.Bundler | 5.15.21

File size:
5.9 MB (6,137,016 bytes)

Product version:
2.4.8.172

Copyright:
Copyright © 2000-2013 Buzz Tools, Inc. Protected by U.S. Pat. 6,167,823 B1; 6,502,006 B1; 6,584,921 B2

Trademarks:
BuzzEdit®, Stitches-in-Time®, Buzz Tools®

Original file name:
suf_launch.exe

File type:
Executable application (Win32 EXE)

Installer:
Setup Factory

Language:
English (United States)

Common path:
C:\users\{user}\downloads\bs-demo.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/28/2012 7:00:00 PM

Valid to:
8/24/2015 6:59:59 PM

Subject:
CN="Buzz Tools, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Buzz Tools, Inc.", L=San Ramon, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
68CA74381BD277D481A5F995FA3F5519

File PE Metadata
Compilation timestamp:
4/10/2013 8:08:35 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:LKqQTl7kYQoSd6uxcDJw7eCSoY5+qoBBKh4MZlWh6/EumReNW096f4VOvsQl:TQTl7kKM6uGDJwCCSQqoBBK9Sh6/Eua7

Entry address:
0x29E1

Entry point:
E8, A6, 1D, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 56, 57, 33, F6, BF, C8, AB, 40, 00, 83, 3C, F5, 54, A0, 40, 00, 01, 75, 1D, 8D, 04, F5, 50, A0, 40, 00, 89, 38, 68, A0, 0F, 00, 00, FF, 30, 83, C7, 18, FF, 15, C0, 70, 40, 00, 85, C0, 74, 0C, 46, 83, FE, 24, 7C, D3, 33, C0, 40, 5F, 5E, C3, 83, 24, F5, 50, A0, 40, 00, 00, 33, C0, EB, F1, 8B, FF, 53, 8B, 1D, C4, 70, 40, 00, 56, BE, 50, A0, 40, 00, 57, 8B, 3E, 85, FF, 74, 13, 83, 7E, 04, 01, 74, 0D, 57, FF, D3, 57, E8, 18, FD, FF, FF, 83, 26, 00, 59, 83, C6, 08...

Entropy:
7.9725  (probably packed)

Code size:
22 KB (22,528 bytes)

The file bs-demo.exe has been seen being distributed by the following 2 URLs.

http://www.buzztools.com/.../bs208(172h).exe
