160794_cilicupconvertel[bagas31].rar.exe

The application 160794_cilicupconvertel[bagas31].rar.exe has been detected as a potentially unwanted program by 9 anti-malware scanners. The program is a setup application that uses the Nullsoft Scriptable Install System installer; however, the file is not signed with an Authenticode signature from a trusted source. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities, and other PUPs. The file has been seen being downloaded from get.file21desktop.com.
MD5:
e977dcc1bc07ba7e9b20f6fcc3ed8a76

SHA-1:
ee5096bcdc71bc4e1a6af509f3379f4354963bee

SHA-256:
5bdac888704a83ed0d65fb23b547934027008b664d499f5888facdf374ee6c4e

Scanner detections:
9 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
12/25/2024 3:37:40 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Kukacka | 160215-2 |
| AVG | Win32/Sality | 2015.0.4530 |
| Emsisoft Anti-Malware | Win32.Sality | 10.0.0.5366 |
| ESET NOD32 | Win32/Sality.NBA virus | 8.0.319.0 |
| F-Prot | W32/Sality.gen2 | 4.6.5.141 |
| Kaspersky | Virus.Win32.Sality | 15.0.0.562 |
| McAfee | Virus.Adware-OutBrowse.c | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.213.6304.0 |
| VIPRE Antivirus | Threat.4721115 | 47028 |

File size:
634 KB (649,200 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Scriptable Install System

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\160794_cilicupconvertel[bagas31].rar.exe

File PE Metadata
Compilation timestamp:
12/6/2009 5:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:Xt80g+TGieUYSchRfmfHFDFZ1bgR7HsmtWHDxwgR5zpFOJIBSBjIKinU/JLrAXo:XtdmHSefcxZ1be7HlmwIZpFO2BSCKsUX

Entry address:
0x30FA

Entry point:
60, 2B, D8, 0F, AF, D9, 68, 58, 42, CF, 00, 8D, 35, 4C, F6, 88, C7, 1C, FE, F6, C1, D3, 86, E5, 0F, BF, C8, 8D, 15, 96, B1, 2A, 73, 8B, D8, 81, FB, A3, A7, 00, 00, 74, 08, 8D, 05, 5C, A1, CD, 1D, 85, CA, E8, 00, 00, 00, 00, 0F, BF, ED, B9, 81, 38, 63, 5A, 01, C1, 84, DA, 23, D6, F6, C2, 87, 01, F1, 8A, F4, BF, 13, C5, 00, 00, C7, C5, 63, 17, C1, 21, 21, FD, 0A, E2, 84, D9, 32, F3, 8A, F7, 33, DF, EB, 08, 69, CE, 6E, D1, 78, EE, 12, D1, 59, 0F, AF, F0, 81, FE, 3F, F1, 00, 00, 74, 05, 8B, C5, F6, C6, E1, 8D...
 

Entropy:
7.9730  (probably packed)

Code size:
23.5 KB (24,064 bytes)

The file 160794_cilicupconvertel[bagas31].rar.exe has been seen being distributed by the following URL.
