3db.exe

OUTbrowse Ltd

This is the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application 3db.exe by OUTbrowse has been detected as adware by 24 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities, and other PUPs. The file has been seen being downloaded from mn4sfw-sn3301.files.1drv.com and multiple other hosts.
Publisher:
OUTbrowse Ltd  (signed and verified)

MD5:
4f1acf654cfe560c70c19ad104fff419

SHA-1:
d45fc1015a8002c53f162a38628724278b8de814

SHA-256:
61cb84ef2b40d7b59ff73cbcc7e6b7482b1c737e7770be0964557300eac9acae

Scanner detections:
24 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/23/2024 9:44:31 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.OutBrowse | 7.1.1 |
| Avira AntiVirus | Rkit/Agent.569536 | 7.11.175.156 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-141002 |
| AVG | Generic | 2015.0.3333 |
| Baidu Antivirus | Adware.Win32.OutBrowse | 4.0.3.14102 |
| Dr.Web | Trojan.Packed.28499 | 9.0.1.0275 |
| ESET NOD32 | Win32/OutBrowse.AO | 8.10485 |
| G Data | Win32.Trojan.Agent.020U3G | 14.10.24 |
| IKARUS anti.virus | PUA.OutBrowse | t3scan.1.7.8.0 |
| K7 AntiVirus | Trojan | 13.183.13521 |
| Kaspersky | not-a-virus:AdWare.Win32.OutBrowse | 14.0.0.3161 |
| Malwarebytes | PUP.Optional.OutBrowse | v2014.10.02.09 |
| McAfee | Artemis!4F1ACF654CFE | 5600.6989 |
| nProtect | Trojan-Clicker/W32.OutBrowse.569536 | 14.09.29.01 |
| Panda Antivirus | Trj/Chgt.E | 14.10.02.09 |
| Qihoo 360 Security | Win32/Trojan.671 | 1.0.0.1015 |
| Quick Heal | AdWare.OutBrowse.r5 (Not a Virus) | 10.14.14.00 |
| Reason Heuristics | PUP.OUTbrowse.D | 14.10.2.21 |
| Rising Antivirus | PE:Trojan.Win32.Generic.1751B0CB!391229643 | 23.00.65.14930 |
| Sophos | Generic PUA NE | 4.98 |
| Trend Micro House Call | TROJ_GEN.R047C0PI914 | 7.2.275 |
| Trend Micro | TROJ_GEN.R047C0PI914 | 10.465.02 |
| Vba32 AntiVirus | AdWare.OutBrowse | 3.12.26.3 |
| VIPRE Antivirus | OutBrowse | 33542 |

File size:
556.2 KB (569,536 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\3db.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
8/18/2014 7:30:42 AM

Valid to:
8/19/2015 7:30:42 AM

Subject:
CN=OUTbrowse Ltd, OU=Tech, O=OUTbrowse Ltd, L=Ramat Gan, S=Israel, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11218698DE6360060E5B84AA941E48BB9A93

File PE Metadata
Compilation timestamp:
12/5/2009 3:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:bw0vUjCMjnGaft+rCYRu42+bkQ/IHJIbIUEq+J4kl/nDIG3ICDkQz:bDAXDftmCYT7YQ/Ie6v4usp

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9760

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file 3db.exe has been seen being distributed by the following 7 URLs.

https://mn4sfw-sn3301.files.1drv.com/.../3db.exe
