2yourface_14.exe

Smart

OutBrowse Ltd

Part of the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application 2yourface_14.exe by OutBrowse has been detected as adware by 21 anti-malware scanners. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities and other PUPs. The file has been seen being downloaded from download.2yourface.com.
Publisher:
OutBrowse  (signed by OutBrowse Ltd)

Product:
Smart

Description:
Manages Products

Version:
1.0.0.1

MD5:
73093e49dc897da9aaa081e82513db3c

SHA-1:
0136074890a338a3e7ac56afc58ee0667db91498

SHA-256:
dff091b20b3c07d65dbaedc9a7615c2ed505c5448d1dd0b9ad3856599645e9e9

Scanner detections:
21 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/23/2024 4:19:42 PM UTC

Scan engine | Detection | Engine version
Bitdefender | Adware.BHO.WVA | 1.0.20.1790
Clam AntiVirus | Win.Adware.Bho-408 | 0.98/18155
Comodo Security | UnclassifiedMalware | 16794
Dr.Web | Adware.Downware.581 | 9.0.1.0358
Emsisoft Anti-Malware | Adware.BHO.WVA | 8.13.12.24.12
ESET NOD32 | Win32/OutBrowse (variant) | 7.8705
Fortinet FortiGate | Adware/Fam.NB | 12/24/2013
F-Prot | W32/Backdoor2.HNBF | v6.4.7.1.166
F-Secure | Adware.BHO.WVA | 11.2013-24-12_3
G Data | Adware.BHO.WVA | 13.12.22
IKARUS anti.virus | AdWare.BHO.WVA | t3scan.2.0.127
Malwarebytes | PUP.Optional.OutBrowse | v2013.12.24.12
McAfee | Artemis!73093E49DC89 | 5600.7272
MicroWorld eScan | Adware.BHO.WVA | 14.0.0.1074
NANO AntiVirus | Trojan.Win32.Downware.brlvia | 0.26.0.53954
nProtect | Adware.BHO.WVA | 13.08.20.01
Reason Heuristics | PUP.OutBrowse.M | 14.8.7.17
Sophos | Mal/Generic-S | 4.91
Trend Micro House Call | TROJ_SPNR.03A813 | 7.2.358
Trend Micro | TROJ_SPNR.03A813 | 10.465.24
VIPRE Antivirus | OutBrowse | 20690

File size:
482.4 KB (493,928 bytes)

Product version:
1.0.0.1

Copyright:
(c)OutBrowse. All rights reserved.

Original file name:
Smart.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\2yourface_14.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/11/2012 5:30:00 AM

Valid to:
1/11/2013 5:29:59 AM

Subject:
CN=OutBrowse Ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=OutBrowse Ltd, L=Ramat Gan, S=Merkaz, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
51AC0634BE5BEE7A290676D4A583D04A

File PE Metadata
Compilation timestamp:
10/14/2012 6:50:06 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:KerF0TL1zmSdVY8ql7C1Ydv+oxpLQc5mCDbcyiydrJ2yscnnnnngA5PzUINS:K/TLZdVY8gfj1lPcyiydrJ5nnnnnKINS

Entry address:
0x3C966

Entry point:
E8, B3, 66, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 8B, 73, 08, 33, 35, D4, 08, 46, 00, 57, 8B, 06, C6, 45, FF, 00, C7, 45, F4, 01, 00, 00, 00, 8D, 7B, 10, 83, F8, FE, 74, 0D, 8B, 4E, 04, 03, CF, 33, 0C, 38, E8, 63, CD, FF, FF, 8B, 4E, 0C, 8B, 46, 08, 03, CF, 33, 0C, 38, E8, 53, CD, FF, FF, 8B, 45, 08, F6, 40, 04, 66, 0F, 85, 19, 01, 00, 00, 8B, 4D, 10, 8D, 55, E8, 89, 53, FC, 8B, 5B, 0C, 89, 45, E8, 89, 4D, EC, 83, FB, FE, 74, 5F, 8D, 49, 00, 8D, 04, 5B, 8B, 4C, 86...

Entropy:
6.1872

Code size:
314 KB (321,536 bytes)

The file 2yourface_14.exe has been seen being distributed by the following URL.
