ssayfaciconvert_apf_amf_bab.exe

Bit Cocktail Ltd.

The application ssayfaciconvert_apf_amf_bab.exe by Bit Cocktail has been detected as a potentially unwanted program by 2 anti-malware scanners. It is a setup program used to install the application. It will display context-specific advertisements in the browser and attempt to modify the browser's search provider. The file has been seen being downloaded from d3m37sp3g532jd.cloudfront.net.

Publisher:
Bitcoktail   (signed by Bit Cocktail Ltd.)

MD5:
bb03b6632369d2b47e42e66e4802f08f

SHA-1:
df7b65e8ac8358dcb2fab8cf1cb35704f5263f2f

SHA-256:
57cb9ab6358d4cea3348cdf9cf83ffb0df0dc0267e6cac09b9c45dcbeae66597

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
5/10/2024 6:13:30 PM UTC

Scan engine          Detection               Engine version
ESET NOD32           Win32/Toolbar.Babylon   8.7080
Reason Heuristics    PUP.BitCocktail.FF      14.5.20.10

File size:
2 MB (2,132,256 bytes)

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\ssayfaciconvert_apf_amf_bab.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
1/17/2012 1:00:00 AM

Valid to:
1/17/2013 12:59:59 AM

Subject:
CN=Bit Cocktail Ltd., O=Bit Cocktail Ltd., L=Herzeliya, S=Herzeliya, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
613E461899A05578474D1423CF9CC340

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:ugSpY98v/FfGOkr4eMWOL5Wlruvzh2tr1g/HSdhW0SwjG8:dSpY9A/AO+ZMWOWgbQZmehn

Entry address:
0xBA20

Entry point:
55, 8B, EC, 83, C4, C0, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, 89, 45, C0, B8, 38, B9, 40, 00, E8, 92, 8E, FF, FF, 33, C0, 55, 68, DB, C0, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 9C, C0, 40, 00, 64, FF, 32, 64, 89, 22, A1, 7C, D3, 40, 00, 8B, 00, E8, 7E, FD, FF, FF, E8, A9, F9, FF, FF, 8D, 55, F0, 33, C0, E8, FF, C9, FF, FF, 8B, 55, F0, B8, 88, EE, 40, 00, E8, F6, 77, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 88, EE, 40, 00, B2, 01, A1, AC, 8B, 40, 00, E8, AE, D2, FF, FF, A3, 8C, EE, 40, 00, 33...
Developed / compiled with:
Microsoft Visual C++

Code size:
44.5 KB (45,568 bytes)

The file ssayfaciconvert_apf_amf_bab.exe has been seen being distributed by the following URL.
