» bullguardsetup_ch.exe
Overview
Analysis
File Details

bullguardsetup_ch.exe

NCIS Technologies Limited

The application bullguardsetup_ch.exe by NCIS Technologies Limited has been detected as a potentially unwanted program by 15 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. Part of RelevantKnowledge, a program typically installed via a software bundle (with the user's knowledge should they read the EULA) and will run in the background collecting and monitoring information about the user's behavior in order to build an extensive profile.

File name:

Publisher:

NCIS Technologies Limited (signed and verified)

MD5:

91c3546b649406dda7080e3a3d80d90d

SHA-1:

c0e8fa3c2f5341bc38218a6bcc90c8aecee8ee41

SHA-256:

9863283e7d75464a7cf81e16933a1182bcb4711950e9e055a4bdfcf2c9349831

Scanner detections:

15 / 68

Status:

Potentially unwanted

Analysis date:

4/19/2024 6:24:22 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

ADSPY/NaviPromo.J

7.11.38.130

avast!

Win32:PUP-gen [PUP]

2014.9-151213

AVG

RelevantKnowledge

2016.0.2897

Bitdefender

Adware.Relevant.BH

1.0.20.1735

Comodo Security

ApplicUnwnt.Win32.AdWare.RK.~E

13118

Dr.Web

Adware.Relevant.81

9.0.1.0347

ESET NOD32

Win32/Adware.MarketScore

9.7347

Fortinet FortiGate

Adware/Marketscore

12/13/2015

F-Secure

Adware.Relevant.BH

11.2015-13-12_1

G Data

Adware.Relevant.BH

15.12.22

McAfee

Artemis!91C3546B6494

5600.6553

nProtect

Adware.Relevant.BH

12.08.01.01

Sophos

RelevantKnowledge

4.79

Trend Micro House Call

TROJ_GEN.USBG20AHM

7.2.347

VIPRE Antivirus

Adware.Win32.RelevantKnowledge.a

12456

File size:

554.9 KB (568,256 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\downloads\bullguardsetup_ch.exe

Digital Signature

Signed by:

NCIS Technologies Limited

Authority:

Thawte, Inc.

Valid from:

12/14/2011 6:00:00 PM

Valid to:

12/14/2012 5:59:59 PM

Subject:

CN=NCIS Technologies Limited, O=NCIS Technologies Limited, L=Wilmington, S=Delaware, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

085CF6F3312A433B1D49A8C12B31A107

File PE Metadata

Compilation timestamp:

12/5/2009 4:50:52 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:TSeVclrj0eFrggMlwcdr0zAHqJJBIUPMV6C:TSeVcNxNObdzHqtMb

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Entropy:

7.9242

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

Remove bullguardsetup_ch.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.