beamrise.exe

Beamrise

SIEN S.A.

The application beamrise.exe by SIEN S.A. has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is set to start automatically when a user logs into Windows, via the current-user Run registry key under the display name ‘Beamrise’. While running, it connects to the Internet address no-dns-yet.ccanet.co.uk on port 443.
Publisher:
The Beamrise Authors  (signed by SIEN S.A.)

Product:
Beamrise

Version:
32.2.1700.77

MD5:
7bb8d5e33095fe1057daab41a1252d84

SHA-1:
1d2bfe9ea578ffc14774d6413e069101e835e1ec

SHA-256:
f3ec942003b1c6ad678386299796bb4349147641ad8f9735050e95422dfe99f4

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
5/27/2022 1:35:06 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.SIENSA.I

Engine version:
14.4.14.8

File size:
1.5 MB (1,560,864 bytes)

Product version:
32.2.1700.77

Copyright:
Copyright 2013 The Beamrise Authors. All rights reserved.

Original file name:
chrome.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\beamrise\application\beamrise.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
8/22/2012 8:00:00 AM

Valid to:
8/23/2014 7:59:59 AM

Subject:
CN=SIEN S.A., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=SIEN S.A., L=Paris, S=France, C=FR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
514EA00D30C8C244C3E818890BF73967

File PE Metadata
Compilation timestamp:
4/2/2014 5:56:26 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:6YmRURcpqtbF8k5ui7Mc0VZn7CxNlbLua3F:VmQIAikB7MtVZnOF

Entry address:
0x53333

Entry point:
E8, 69, BA, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 56, 8B, 35, E4, 22, 47, 00, 57, FF, 35, 34, 55, 4A, 00, FF, D6, FF, 35, 30, 55, 4A, 00, 8B, D8, 89, 5D, FC, FF, D6, 8B, F0, 3B, F3, 0F, 82, 81, 00, 00, 00, 8B, FE, 2B, FB, 8D, 47, 04, 83, F8, 04, 72, 75, 53, E8, BF, BA, 00, 00, 8B, D8, 8D, 47, 04, 59, 3B, D8, 73, 48, B8, 00, 08, 00, 00, 3B, D8, 73, 02, 8B, C3, 03, C3, 3B, C3, 72, 0F, 50, FF, 75, FC, E8, F1, 4B, 00, 00, 59, 59, 85, C0, 75, 16, 8D, 43, 10, 3B, C3, 72, 3E, 50, FF, 75, FC, E8...

Entropy:
6.5242

Code size:
450.5 KB (461,312 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Beamrise

Command:
"C:\users\{user}\appdata\local\beamrise\application\beamrise.exe" --auto-launch-at-startup --profile-directory="default"


The executing file has been seen to make the following network communications in live environments.

