1430589739.exe

RUn Apps foreVer LLd

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The application 1430589739.exe by RUn Apps foreVer LLd has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the OutBrowse Revenyou installer. It is also typically executed from the user's temporary directory.
Publisher:
RUn Apps foreVer LLd  (signed and verified)

Version:
2015.52.180.64

MD5:
c6e6d2e6fcf22d2321054628302ab189

SHA-1:
0ad286614d332ab0bb21640e9990cbd71cb8b393

SHA-256:
f1ab5aa761131487da788c48b827efe09494b2660232b70d2f328fb545e9cd4e

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/24/2024 4:46:00 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Outbrowse (M)
17.1.12.10

File size:
764 KB (782,384 bytes)

Product version:
2015.52.180.64

Copyright:
Copyright (C) 2015

Original file name:
20155218064.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\1430589739.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
4/30/2015 2:00:00 AM

Valid to:
1/28/2016 12:59:59 AM

Subject:
CN=RUn Apps foreVer LLd, O=RUn Apps foreVer LLd, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
77D95BD353EB8093EFC379EC6939C9BC

File PE Metadata
Compilation timestamp:
5/2/2015 8:00:31 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0x7A78B

Entry point:
E8, BA, A9, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, F0, 57, 49, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 68, 50, 49, 00, C9, C2, 08, 00, B8, 8F, 5C, 48, 00, A3, 78, 1F, 4B, 00, C7, 05, 7C, 1F, 4B, 00, 85, 53, 48, 00, C7, 05, 80, 1F, 4B, 00, 39, 53, 48, 00, C7, 05, 84, 1F, 4B, 00, 72, 53, 48, 00, C7, 05...
 
[+]

Code size:
590.5 KB (604,672 bytes)

Remove 1430589739.exe - Powered by Reason Core Security