tbhcn.exe

tcbhn

Blabbers Communications Ltd

Part of Blabbers, a potentially unwanted browser application that may hijack or interfere with the browser's standard web search behavior in order to display ads. Two anti-malware scanners have detected tbhcn.exe as a potentially unwanted program. It runs as a Windows Task Scheduler task that is triggered each time a user logs in. While running, it connects to the Internet address unknown.prolexic.com on port 80 over HTTP.
Publisher:
Blabbers Communications Ltd

Product:
tcbhn

Version:
1.0.0.9

MD5:
dcb42ad49d7978263c1c189e363c1e24

SHA-1:
7aceb15d853b64e690ef389568c82a820a628d88

SHA-256:
e74ce871a94a74a09ac617cb0604633aad867f89b96aee9e5382f4b3d2f84aa6

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
12/12/2017 7:20:55 PM UTC  (today)

Scan engine
Detection
Engine version

Boost by Reason
Optional.Task.BlabbersCommunications.F
188163

Reason Heuristics
PUP.Task.BlabbersCommunications.F
14.2.20.19

File size:
577 KB (590,848 bytes)

Product version:
1.0.0.9

Copyright:
(c) Blabbers Communications Ltd. All rights reserved.

Original file name:
tcbhn.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Application data\ginyasbrowsercompanion\tbhcn.exe

File PE Metadata
Compilation timestamp:
2/18/2013 10:28:56 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:AZm9OStjXwmcN1Uf6h5ASGF2DZtlgRdXFIrgVT6k29lC3/KpTBY:L9OSRgmuuib3c2DZtlgRdXFILT9l7Tu

Entry address:
0x56112

Entry point:
E8, F7, CB, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, F0, 49, 48, 00, 33, C5, 89, 45, FC, 8B, 55, 18, 53, 33, DB, 56, 57, 3B, D3, 7E, 1F, 8B, 45, 14, 8B, CA, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, C2, 2B, C1, 48, 3B, C2, 7D, 01, 40, 89, 45, 18, 89, 5D, F8, 39, 5D, 24, 75, 0B, 8B, 45, 08, 8B, 00, 8B, 40, 04, 89, 45, 24, 8B, 35, 9C, B2, 46, 00, 33, C0, 39, 5D, 28, 53, 53, FF, 75, 18, 0F, 95, C0, FF, 75, 14, 8D, 04, C5, 01, 00, 00, 00, 50, FF, 75, 24, FF, D6, 8B, F8, 89...
 

Code size:
423 KB (433,152 bytes)

Scheduled Task
Task name:
GinyasBrowserCompanion Chrome Watcher

Path:
C:\WINDOWS\Tasks\GinyasBrowserCompanion Chrome Watcher.job

Trigger:
Logon (Runs on logon)

Action:
tbhcn.exe \task=1 \closebr=1 \installon=7 \active=24 \update


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to unknown.prolexic.com  (72.52.4.90:80)
