freeocr___1_10209_gc.exe

Big Bulb Ideas IT Pvt Ltd

The application freeocr___1_10209_gc.exe by Big Bulb Ideas IT Pvt has been detected as adware by 12 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the InstallMonetizer platform, which will download and install adware toolbars and other potentially unwanted software offers during setup.
Publisher:
Big Bulb Ideas IT Pvt Ltd  (signed and verified)

MD5:
b391903081d7fdbbac2a3c265b8302d9

SHA-1:
030acb73a74d66dcf4f4966c049b68d0a6490990

SHA-256:
0e521d37f1c106b8b314e565cf6dc371cf5e464dffdb02f76c2814bdc7393455

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
4/26/2024 2:30:16 AM UTC  (today)

Scan engine | Detection | Engine version
Avira AntiVirus | APPL/Downloader.Gen | 7.11.199.92
avast! | Win32:Malware-gen | 2014.9-151108
Baidu Antivirus | Adware.Win32.InstallMonetizer | 4.0.3.15118
Dr.Web | Adware.Downware.8749 | 9.0.1.0312
ESET NOD32 | Win32/InstallMonetizer.BB | 9.10961
K7 AntiVirus | Unwanted-Program | 13.1814525
Malwarebytes | Riskware.Vmdetector | v2015.11.08.09
McAfee | Artemis!B391903081D7 | 5600.6588
Reason Heuristics | PUP.InstallMonetizer.BigBulbIdeasITPvt (M) | 15.11.8.9
Rising Antivirus | NS:PUF.SilenceInstaller!1.9DDF | 23.00.65.151106
Sophos | Generic PUA II | 4.98
Trend Micro House Call | Suspicious_GEN.F47V1203 | 7.2.312

File size:
590.9 KB (605,128 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\freeocr___1_10209_gc.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/28/2013 2:00:00 AM

Valid to:
11/29/2014 1:59:59 AM

Subject:
CN=Big Bulb Ideas IT Pvt Ltd, O=Big Bulb Ideas IT Pvt Ltd, STREET="C5/1, Road#2, Vikrampuri Colony", L=Secunderabad, S=Andhra Pradesh, PostalCode=500006, C=IN

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00EC052E7D4F74A667E7C16553EE590DBE

File PE Metadata
Compilation timestamp:
12/6/2009 12:52:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:v/Cp5EdVplMCB45H2GDrO/1bJd5AWVOB+Du1rVCQaybJd5A81wVC/s:naEdXWCm5HfI1bJd5AWoB35CQaybJd5w

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9023

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
