javasetup.exe

Becubudek

ConnectorBeam (New Media Holdings Ltd.)

The application javasetup.exe, “Becubudek Setup” by ConnectorBeam (New Media Holdings), has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The installer is marketed through download portals and search ads as the free Oracle Java Runtime, but it will also install additional software offers, which include adware, PUPs and browser toolbars.
Publisher:

Product:
Becubudek

Description:
Becubudek Setup

Version:
1.6.1.0

MD5:
c5a19a71f56b4bbf928f66bfaf696543

SHA-1:
99e06364e20e371c0c8d5a132673f3fea0a7c0fa

SHA-256:
543779b9a71b238f921fb625c59607a7350f25d368556489d6a08b5e8a35d56c

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
5/14/2024 4:43:23 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.NewMedia.NMH (M)

Engine version:
17.3.11.4

File size:
1.2 MB (1,286,368 bytes)

Product version:
3.0.4

Copyright:
Wizard

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\javasetup.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
3/15/2016 2:11:14 PM

Valid to:
5/23/2017 5:32:04 PM

Subject:
CN=ConnectorBeam (New Media Holdings Ltd.), O=ConnectorBeam (New Media Holdings Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11212D71259ED669D28D6D8FBB7A7C0C6F79

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file javasetup.exe has been seen being distributed from the following URL:

http://www.newrepositorybody.com/AkMJDxZ2yoP1T1yKqjJmqWUrNEThfU4UQiAdM7qSAGLeBpDBXHkPhWlyRGE6a2eL7jzRAZypsPk_fkdO6Y4FaIV4HKcLsWoAIDJHkg8eoeMzmt0FnKI2N6aFWyYRd77Fhy5HHqfOEcO ics8vp0P0VtA7xRJRj7WeDqX0AgYHVqOtCbecNTcyJ4vp2d6 Ci0CRg7cmPUWsE2Ca28ZtMqmB8tlpyMdZWb1hizf5VCs9jwNdEphmSWi7TQK88marMZAC9w3qgermgR56h5d1jGd53SzoTst2M97qAVq7 dkvjatbGLbfgBczbdgw1g32iDC4vWS50eNnOVfhVvZSBt0NzoWs31Jvj5fi8_vBKIqDNwv8PBlVRgmmG8sGpn2p 7c1aX E8jSyJs8R8e_gQBiYw9ItQ_oC2DTIUk84g799sfx4gCdzOfz_Y7m1ZgjvGRpeLt3m3jUw_ggLf775vLtZFFOwVQ acwzdYNGdZuzcu3S9XTQmyekqZ_vRzSdoHKqwdeVF7a xBUV68IJAxN6H4AUxLyWEgPlpqK_dLm 5U6Rh_9WlpdAxvjbl8OME39QyVERRpDFjJl7eo6g7fhBRAXJ78ucMkNd2e2oLEo5M0QbhIMfLc4ar6p1AuREVHAq_czjXk t8q43gzBnD4fIT39lkdHtJ15SIIDx0HZVspU2MyedRAFMqwKHwNJHH6G8IX1FFhBdIUVwGBfzFQQ1U5Yxt3tYjvqcSNzolecAPIQ60naih8Tn9ejZ0PAJRsUIml6uiQM8xzYR57esvjRhw58k_wPcwNa_OjRV2 HRrmZhKugjBNfHf9L Bw5c8tpulJNMz25DUDxdjTnuU5gV RhEPC Ow==-GzYAAORtm0vBUfhuqMOwiEKKuhCBClpIbmBKjV90oj0xU89xWwQq jbgJCL4CsgBL1zx wI=
