» f_004e0a
Overview
Analysis
File Details

f_004e0a

Big Bulb Ideas IT Pvt Ltd

The file f_004e0a by Big Bulb Ideas IT Pvt has been detected as adware by 12 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the InstallMonetizer platform which will donwload and install adware toolbars and other potentially unwanted software offers during setup.

File name:

f_004e0a

Publisher:

Big Bulb Ideas IT Pvt Ltd (signed and verified)

MD5:

a651b736618996300c9b22fdd2263a05

SHA-1:

ef9d8c1351e75ba93b68d6e1e996c4460fec7877

SHA-256:

61672a2034701c6d0d3108bfa4d2db9fc255c6deace88986e4f7aa3bfd7ed130

Scanner detections:

12 / 68

Status:

Adware

Explanation:

Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:

4/19/2024 10:49:19 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

APPL/Downloader.Gen

7.11.212.6

Baidu Antivirus

PUA.Win32.InstallMonetizer

4.0.3.15222

Dr.Web

Adware.Downware.8749

9.0.1.053

ESET NOD32

Win32/InstallMonetizer.BB potentially unwanted

9.11215

K7 AntiVirus

Trojan

13.197.15043

McAfee

Artemis!A651B7366189

5600.6846

NANO AntiVirus

Riskware.Nsis.Downware.dnxngr

0.30.0.296

Qihoo 360 Security

HEUR/QVM42.0.Malware.Gen

1.0.0.1015

Reason Heuristics

PUP.BigBulbIdeasITPvt

15.2.22.16

Rising Antivirus

NS:PUF.SilenceInstaller!1.9DDF

23.00.65.15220

Trend Micro House Call

Suspicious_GEN.F47V0219

7.2.53

VIPRE Antivirus

InstallMonetizer

37794

File size:

422.4 KB (432,536 bytes)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\appdata\local\google\chrome\user data\default\cache\f_004e0a

Digital Signature

Signed by:

Big Bulb Ideas IT Pvt Ltd

Authority:

COMODO CA Limited

Valid from:

11/27/2013 6:00:00 PM

Valid to:

11/28/2014 5:59:59 PM

Subject:

CN=Big Bulb Ideas IT Pvt Ltd, O=Big Bulb Ideas IT Pvt Ltd, STREET="C5/1, Road#2, Vikrampuri Colony", L=Secunderabad, S=Andhra Pradesh, PostalCode=500006, C=IN

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00EC052E7D4F74A667E7C16553EE590DBE

File PE Metadata

Compilation timestamp:

12/5/2009 4:52:12 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:V1Pp5EdVplMCB40ioRSWpgpGeg00DuUbJd5A8K:jEdXWCm0ioEpGX0cbJd5A8K

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Entropy:

7.8393

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

Remove f_004e0a - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.