1plhblkxusg==55n2d.exe

The application 1plhblkxusg==55n2d.exe has been detected as a potentially unwanted program by 12 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer, but the file is not signed with an Authenticode signature from a trusted source. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities and other PUPs. The file has been seen being downloaded from d2vubraihqcany.cloudfront.net.
Version:
1.1.0.31

MD5:
6c11385d6fc068f74660b00f7ac5627a

SHA-1:
17a8100b22140f7839bbb88a64d6470cf5547c61

SHA-256:
a99bd1453ab5fa70112e02ce5c790acc8e04e7bfda2efd36088d56550c667275

Scanner detections:
12 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
12/24/2024 1:55:36 AM UTC

Scan engine                    Detection                              Engine version
Lavasoft Ad-Aware              Gen:Variant.Adware.Kazy.609271         5807185
avast!                         Adware-gen [Adw]                       150319-1
AVG                            Adware Generic6.ANYG                   2014.0.4311
Baidu Antivirus                Adware.Win32.PennyBee                  4.0.3.15512
Dr.Web                         infected with Trojan.OutBrowse.576     9.0.1.05190
Emsisoft Anti-Malware          Gen:Variant.Adware.Kazy.609271         10.0.0.5366
ESET NOD32                     multiple threats                       7.0.302.0
McAfee                         Program.Artemis!6C11385D6FC0           17.6.569.0
Microsoft Security Essentials  Threat.Undefined                       1.197.1901.0
Qihoo 360 Security             HEUR/QVM42.0.Malware.Gen               1.0.0.1015
Trend Micro House Call         Suspicious_GEN.F47V0504                7.2.132
VIPRE Antivirus                Threat.4150696                         39676

File size:
1.9 MB (1,943,980 bytes)

Product version:
1.1.0.31

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\1plhblkxusg==55n2d.exe

File PE Metadata
Compilation timestamp:
6/6/2009 5:41:54 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:olrEKQWDZ0Tv8ndH4sIaLU9TK9faodqKBaDphF4sP+1ARK7EpYWb:MrEADZm0dH4taLUZKlzdqKBKF48KrTg

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file 1plhblkxusg==55n2d.exe has been seen being distributed by the following URL.

Remove 1plhblkxusg==55n2d.exe - Powered by Reason Core Security