» f_0000ec
Overview
Analysis
File Details

f_0000ec

Big Bulb Ideas IT Pvt Ltd

The file f_0000ec by Big Bulb Ideas IT Pvt has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the InstallMonetizer platform which will donwload and install adware toolbars and other potentially unwanted software offers during setup.

File name:

f_0000ec

Publisher:

Big Bulb Ideas IT Pvt Ltd (signed and verified)

MD5:

bcdbbe3cb71b231425354f7e431b0827

SHA-1:

9829f3beed39888f93b75f0fad09933669766c58

SHA-256:

a48092934a2ccb157aac4d3ec8ca19e8085860724998fe9ffd7a490023e7470d

Scanner detections:

13 / 68

Status:

Adware

Explanation:

Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:

4/20/2024 12:45:07 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

APPL/Downloader.Gen

7.11.210.88

Baidu Antivirus

PUA.Win32.InstallMonetizer

4.0.3.15215

Dr.Web

Threat.Undefined

9.0.1.05190

ESET NOD32

Win32/InstallMonetizer.BB potentially unwanted application

7.0.302.0

K7 AntiVirus

Trojan

13.194.14970

Malwarebytes

Riskware.Vmdetector

v2015.02.15.11

McAfee

Trojan.Artemis!841022AAD40A

16.8.708.2

Qihoo 360 Security

HEUR/QVM42.0.Malware.Gen

1.0.0.1015

Reason Heuristics

PUP.BigBulbIdeasITPvt

15.2.15.23

Rising Antivirus

NS:PUF.SilenceInstaller!1.9DDF

23.00.65.15213

Sophos

AppMonetizer Installer

4.98

Trend Micro House Call

Suspici.44A95FC4

7.2.46

VIPRE Antivirus

Threat.4786532

37588

File size:

581.1 KB (595,008 bytes)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\appdata\local\google\chrome\user data\default\cache\f_0000ec

Digital Signature

Signed by:

Big Bulb Ideas IT Pvt Ltd

Authority:

COMODO CA Limited

Subject:

CN=Big Bulb Ideas IT Pvt Ltd, O=Big Bulb Ideas IT Pvt Ltd, STREET="C5/1, Road#2, Vikrampuri Colony", L=Secunderabad, S=Andhra Pradesh, PostalCode=500006, C=IN

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00EC052E7D4F74A667E7C16553EE590DBE

File PE Metadata

Compilation timestamp:

12/6/2009 9:22:12 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:Tcrpp5EdVplMCB4yjvykwGYpgDvfODu1iVCJZrbJd5A81wVC/v:Q9EdXWCmO69sbfHgCJZrbJd5A81uC/v

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Entropy:

7.8993

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

Remove f_0000ec - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.