tbhcn.exe

Blabbers Communications Ltd

Part of Blabbers, a potentially unwanted browser application that may hijack or interfere with the browser's standard web searching behaviors in order to display ads. The application tbhcn.exe by Blabbers Communications has been detected as adware by 3 anti-malware scanners. While running, it connects to the Internet address unknown.prolexic.com on port 80 using the HTTP protocol.

Publisher:
Blabbers Communications Ltd (signed and verified)

MD5:
c16839db1f0cb8e308049514bb5736c1

SHA-1:
a9cc2972348a18fd71ec004735cacad2a89e0b6e

SHA-256:
e21d2e8cc6b821936d24afbfadaa459d9121d6d27f0cd07dc08c1d518abc605b

Scanner detections:
3 / 68

Status:
Adware

Analysis date:
4/24/2024 3:18:41 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Boost by Reason | Optional.BlabbersCommunications.F | 188838 |
| ESET NOD32 | Win32/BrowserCompanion (variant) | 7.9094 |
| Reason Heuristics | PUP.BlabbersCommunications.F | 14.8.7.17 |

File size:
716.2 KB (733,376 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\browsercompanion\tbhcn.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/21/2012 3:00:00 AM

Valid to:
2/21/2014 2:59:59 AM

Subject:
CN=Blabbers Communications Ltd, O=Blabbers Communications Ltd, STREET=Arad 3, L=Tel Aviv, S=Israel, PostalCode=43034, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A56E0C91F7B125DC48FCA4C6077C7BC6

File PE Metadata
Compilation timestamp:
9/12/2012 1:02:28 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:o397AS1Iu4WK4AJykByvP//dPLIWDop9w1rbCg0ADOWCfoMA/04AZbiYbdwW28:o397AnIDAXE/dLBD8C1rWg0ACNhA/044

Entry address:
0x800FB

Entry point:
E8, 63, D8, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B, C9, C2, 08, 00, 58, 59, 87, 04, 24, FF, E0, 8B, FF, 55, 8B, EC, 51, 51, 53, 56, 57, 64, 8B, 35, 00, 00, 00, 00, 89, 75, FC, C7, 45, F8, 69, 01, 48, 00, 6A, 00, FF, 75, 0C, FF, 75, F8, FF, 75, 08, E8, B1, 58, 01, 00, 8B, 45, 0C, 8B, 40, 04, 83, E0, FD, 8B, 4D, 0C, 89, 41, 04, 64, 8B, 3D...
 

Entropy:
6.7530

Code size:
601 KB (615,424 bytes)

The executable has been observed making the following network connection in live environments.

TCP (HTTP):
Connects to unknown.prolexic.com (72.52.4.90:80)
