ssayfaciconvert_apf_amf_bab.exe

Bit Cocktail Ltd.

The application ssayfaciconvert_apf_amf_bab.exe by Bit Cocktail has been detected as a potentially unwanted program by 3 of 68 anti-malware scanners. It is a setup program (installer) for the application: once run, the installer displays context-specific advertisements in the browser and attempts to change the browser's search provider. The file has been seen being downloaded from d3m37sp3g532jd.cloudfront.net.
Publisher:
Bitcoktail   (signed by Bit Cocktail Ltd.)

MD5:
af7c828a3bda740debc5c91935e43cbc

SHA-1:
0048d7735e0a893f362705ba8a387dbfc5622ba6

SHA-256:
a6ae4c7b6a0397117573ca16a6d4031027f1ef119c065bfa9f96c47c348d08c9

Scanner detections:
3 / 68

Status:
Potentially unwanted

Explanation:
The three detections do not agree on what this file is. ESET NOD32 (Win32/Toolbar.Babylon) and Reason Heuristics (PUP.BitCocktail.BB) classify it as a Babylon toolbar / Bit Cocktail installer, i.e. a potentially unwanted program, which matches the behaviour described above. NANO AntiVirus instead reports Trojan.Win32.Ramnit.cqrxvz, a file-infecting worm family that can download, install and run additional malware and spread to other executable files. A single Ramnit verdict alongside two PUP verdicts and a 3/68 detection count is not by itself evidence of a Ramnit infection; confirm it with a second engine or a sandbox run before handling the file as a worm rather than as an unwanted installer.

Analysis date:
4/19/2024 9:24:50 PM UTC

Scan engine         Detection                      Engine version
ESET NOD32          Win32/Toolbar.Babylon          8.9307
NANO AntiVirus      Trojan.Win32.Ramnit.cqrxvz     0.28.0.57029
Reason Heuristics   PUP.BitCocktail.BB             14.4.13.10

File size:
2 MB (2,132,680 bytes)

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\ssayfaciconvert_apf_amf_bab.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
1/16/2012 7:00:00 PM

Valid to:
1/16/2013 6:59:59 PM

Note: the signing certificate expired on 1/16/2013, more than eleven years before this analysis. Windows continues to treat a signature made with a since-expired certificate as valid only if the signature carries a trusted timestamp countersignature made while the certificate was still valid; the page does not record whether one is present, and an untimestamped signature from this certificate would now verify as expired. Re-check with signtool verify /v /pa (or Get-AuthenticodeSignature in PowerShell) before treating the signature as evidence of a legitimate publisher. A valid signature in any case only ties the file to Bit Cocktail Ltd.; it says nothing about whether the installer's behaviour is wanted.

Subject:
CN=Bit Cocktail Ltd., O=Bit Cocktail Ltd., L=Herzeliya, S=Herzeliya, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
613E461899A05578474D1423CF9CC340

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM (this is the fixed value 0x2A425E19, 1992-06-19 22:22:17 UTC, that the Borland/Delphi linker writes into every binary it produces; it is not a real build date)

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:1gSlY98v/FfGOkr4eMWOL5WlruvzBPAkit+pV/i2zSwjG/:+SlY9A/AO+ZMWOWgb1IKVqp

Entry address:
0xBA20

Entry point:
55, 8B, EC, 83, C4, C0, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, 89, 45, C0, B8, 38, B9, 40, 00, E8, 92, 8E, FF, FF, 33, C0, 55, 68, DB, C0, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 9C, C0, 40, 00, 64, FF, 32, 64, 89, 22, A1, 7C, D3, 40, 00, 8B, 00, E8, 7E, FD, FF, FF, E8, A9, F9, FF, FF, 8D, 55, F0, 33, C0, E8, FF, C9, FF, FF, 8B, 55, F0, B8, 88, EE, 40, 00, E8, F6, 77, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 88, EE, 40, 00, B2, 01, A1, AC, 8B, 40, 00, E8, AE, D2, FF, FF, A3, 8C, EE, 40, 00, 33...

Entropy:
7.9923 (of a maximum of 8.0; near-maximum whole-file entropy indicates compressed or encrypted content, as expected for an installer carrying a packed payload, and means static signatures mostly see the unpacker stub rather than the code that runs)

Developed / compiled with:
Microsoft Visual C++ (as reported by the scanner's compiler heuristic; the fixed 1992 linker timestamp, the linker version 2.25 and the entry-point prologue shown above are characteristic of a Borland Delphi build, so treat this field as unreliable)

Code size:
44.5 KB (45,568 bytes)
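The PE metadata above (timestamp, linker version, entry point, subsystem, code size, entropy) can be reproduced from the raw header without a full PE library. The script below is an added example, not code from the original page or from Reason Core Security. It constructs a header-only PE32 image in memory carrying the values listed above so it runs offline; the Delphi timestamp constant and the 7.2 entropy cut-off are the only values not taken from the page (the first is a well-known linker constant, the second a common triage threshold and an assumption here). Pass a real file to parse_pe() and shannon_entropy() to triage a sample you hold.

```python
"""Minimal PE header reader plus an entropy check for installer triage."""
import math
import struct
import sys
from collections import Counter
from datetime import datetime, timezone

# Fixed TimeDateStamp that the Borland/Delphi linker writes into every binary:
# 0x2A425E19 = 1992-06-19 22:22:17 UTC. When present, the field is not a build date.
DELPHI_TIMESTAMP = 0x2A425E19

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def build_sample_pe() -> bytes:
    """Constructed PE32 header (no sections, no code) for demonstration only."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x014C, 0, DELPHI_TIMESTAMP, 0, 0, 224, 0x010F)
    # IMAGE_OPTIONAL_HEADER32: only the fields read by parse_pe() are filled in.
    opt = bytearray(224)
    struct.pack_into("<HBB", opt, 0, 0x10B, 2, 25)   # Magic (PE32), linker 2.25
    struct.pack_into("<I", opt, 4, 45568)            # SizeOfCode
    struct.pack_into("<I", opt, 16, 0xBA20)          # AddressOfEntryPoint (RVA)
    struct.pack_into("<I", opt, 28, 0x400000)        # ImageBase
    struct.pack_into("<HH", opt, 40, 1, 0)           # OS version 1.0
    struct.pack_into("<H", opt, 68, 2)               # Subsystem: Windows GUI
    return dos + b"PE\x00\x00" + coff + bytes(opt)


def parse_pe(data: bytes) -> dict:
    """Read the handful of header fields a triage page reports."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found")
    _machine, _nsec, ts, _, _, _opt_size, _chars = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt = pe_off + 24                      # optional header follows the 20-byte COFF header
    magic, lnk_major, lnk_minor = struct.unpack_from("<HBB", data, opt)
    size_of_code = struct.unpack_from("<I", data, opt + 4)[0]
    entry = struct.unpack_from("<I", data, opt + 16)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "bitness": {0x10B: "Win32", 0x20B: "Win64"}.get(magic, hex(magic)),
        "timestamp": ts,
        "timestamp_utc": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "timestamp_is_delphi_constant": ts == DELPHI_TIMESTAMP,
        "linker_version": f"{lnk_major}.{lnk_minor}",
        "size_of_code": size_of_code,
        "entry_address": entry,
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
    }


def shannon_entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum((c / n) * math.log2(c / n) for c in Counter(buf).values())


def looks_packed(entropy: float, threshold: float = 7.2) -> bool:
    """Heuristic: whole-file entropy this high means compressed or encrypted content.

    The 7.2 cut-off is an assumed triage threshold, not a value from the page;
    the 7.9923 reported above sits close to the 8.0 ceiling.
    """
    return entropy >= threshold


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    info = parse_pe(data)
    info["entry_address"] = hex(info["entry_address"])
    for key, value in info.items():
        print(f"{key:30} {value}")
    ent = shannon_entropy(data)
    print(f"{'entropy':30} {ent:.4f}  packed? {looks_packed(ent)}")
```

Run it without arguments to see the constructed header decode to the values on this page, or with a path to a real sample. The Delphi check is the useful part: a 1992 timestamp in a 2024 sample is a linker artefact, not a clue about when the installer was built.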

Distribution URL:
d3m37sp3g532jd.cloudfront.net (the host from which the file has been seen being downloaded)
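The hashes, download host, file name and common path listed on this page are the indicators a responder would sweep for. The script below is an added example, not code from the original page or from Reason Core Security: it takes the page's indicators and matches them against endpoint/proxy log lines. The key=value log format and the log lines themselves are constructed here so the script runs offline; adapt parse_line() to your own telemetry.

```python
"""IOC sweep over constructed endpoint/proxy log lines."""
import hashlib
import re

# Indicators taken from the analysis above.
IOC_HASHES = {
    "md5": "af7c828a3bda740debc5c91935e43cbc",
    "sha1": "0048d7735e0a893f362705ba8a387dbfc5622ba6",
    "sha256": "a6ae4c7b6a0397117573ca16a6d4031027f1ef119c065bfa9f96c47c348d08c9",
}
IOC_HOSTS = {"d3m37sp3g532jd.cloudfront.net"}
IOC_FILENAMES = {"ssayfaciconvert_apf_amf_bab.exe"}

# Constructed sample telemetry, not real logs. Backslashes are doubled for Python.
SAMPLE_LOG = """\
ts=2024-04-19T21:10:02Z event=download user=alice host=d3m37sp3g532jd.cloudfront.net path=/ssayfaciconvert_apf_amf_bab.exe
ts=2024-04-19T21:10:05Z event=file_write user=alice path=C:\\users\\alice\\downloads\\ssayfaciconvert_apf_amf_bab.exe sha256=a6ae4c7b6a0397117573ca16a6d4031027f1ef119c065bfa9f96c47c348d08c9
ts=2024-04-19T21:12:40Z event=download user=bob host=cdn.example.com path=/setup.exe
ts=2024-04-19T21:13:01Z event=file_write user=bob path=C:\\users\\bob\\downloads\\setup.exe sha256=0000000000000000000000000000000000000000000000000000000000000000
ts=2024-04-19T21:15:00Z event=download user=carol host=d3m37sp3g532jd.cloudfront.net path=/other_bab.exe
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str) -> dict:
    """Split a key=value log line into a dict (values contain no spaces in this format)."""
    return dict(KV_RE.findall(line))


def basename(path: str) -> str:
    """Last path component for either a Windows path or a URL path, lower-cased."""
    return re.split(r"[\\/]", path)[-1].lower()


def match_event(ev: dict) -> list:
    """Return the indicator types this event matches, in a fixed order (empty if clean)."""
    hits = []
    if ev.get("host", "").lower() in IOC_HOSTS:
        hits.append("host")
    if basename(ev.get("path", "")) in IOC_FILENAMES:
        hits.append("filename")
    for algo, digest in IOC_HASHES.items():
        if ev.get(algo, "").lower() == digest:
            hits.append(algo)
    return hits


def sweep(log_text: str) -> list:
    """Return (user, event, hits) for every line matching at least one indicator."""
    findings = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        hits = match_event(ev)
        if hits:
            findings.append((ev.get("user"), ev.get("event"), hits))
    return findings


def hashes_match(data: bytes) -> dict:
    """Hash a sample you hold and report which of the listed digests it equals."""
    return {
        algo: getattr(hashlib, algo)(data).hexdigest() == digest
        for algo, digest in IOC_HASHES.items()
    }


if __name__ == "__main__":
    for user, event, hits in sweep(SAMPLE_LOG):
        print(f"{user:6} {event:10} matched: {', '.join(hits)}")
```

A host-only hit (carol's download of a differently named file from the same CloudFront distribution) is weaker than a hash hit and is reported separately so it can be triaged as a lead rather than a confirmed match; the same host may serve unrelated content. Hash matching should use SHA-256 where the telemetry offers it, since MD5 and SHA-1 are kept here only because the page lists them.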

Analysis powered by Reason Core Security.