home

bubblehit_mp_pgr.exe

Bubble Hit by GamePacks

SweetIM Technologies Ltd

This is part of the Montera web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application bubblehit_mp_pgr.exe, “Bubble Hit Installer by GamePacks” by SweetIM Technologies has been detected as adware by 8 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. This will modify the wbe browser's home and search pages and search provider as well as display various advertisements.
Publisher:
SweetIM Technologies Ltd.  (signed by SweetIM Technologies Ltd)

Product:
Bubble Hit by GamePacks

Description:
Bubble Hit Installer by GamePacks

Version:
4, 1, 0, 1

MD5:
78b6e2d122739b93ff6fd9a9ee04e27d

SHA-1:
8167481d0edc8924a100e7084f81322e929c41a0

SHA-256:
27c0ed0a8ff86538842e3ab14560041df342f3df8cfa17706b8747a04d1345ef

Scanner detections:
8 / 68

Status:
Adware

Analysis date:
4/19/2024 10:56:22 PM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Adware.SweetIM.26
9.0.1.0167

ESET NOD32
Win32/SweetIM (variant)
8.8881

Malwarebytes
PUP.Optional.SweetIM
v2014.06.16.01

McAfee
Artemis!A406D4815E7A
5600.7097

NANO AntiVirus
Trojan.Win32.TorrentEasy.cqzrur
0.28.0.59492

Reason Heuristics
PUP.Installer.SweetIM.Q
14.8.7.19

Trend Micro House Call
TROJ_GEN.F47V0916
7.2.167

VIPRE Antivirus
Sweetpacks/SweetIM
22134

File size:
758.2 KB (776,424 bytes)

Product version:
4, 1, 0, 1

Copyright:
Copyright © 2011 SweetIM Technologies Ltd.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\bubblehit_mp_pgr.exe

Digital Signature
Signed by:
SweetIM Technologies Ltd

Authority:
VeriSign, Inc.

Valid from:
1/10/2011 1:00:00 AM

Valid to:
2/5/2014 12:59:59 AM

Subject:
CN=SweetIM Technologies Ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=SweetIM Technologies Ltd, L=Ra'anana, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5E3BF2B52DA9EA7F1B539A7F018F4EC6

File PE Metadata
Compilation timestamp:
8/15/2013 3:54:04 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:08TAD0I4A0ybsVtNbYONLHuz5qD/mZZTdfNz6qA0sWISur90oSF:5d60bY4Huz4UJfNz7A8aU

Entry address:
0x216CC0

Entry point:
60, BE, 00, 90, 56, 00, 8D, BE, 00, 80, E9, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 4F, 47, 21, 00, 57, 83, C3, 04, 53, 68, B5, DC, 0A, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 
[+]

Code size:
700 KB (716,800 bytes)

The file bubblehit_mp_pgr.exe has been seen being distributed by the following URL.

http://download.perion.com/h/id/.../installer.exe

Remove bubblehit_mp_pgr.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.