442117df51626a245e9fef8e022e5fda.exe

SaFE stoRe btw

This is the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application 442117df51626a245e9fef8e022e5fda.exe by SaFE stoRe btw has been detected as adware by 6 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities as well as other PUPs.
Publisher:
HVGKX  (signed by SaFE stoRe btw)

Product:
HVGKX

Version:
142.15526.1341.4276

MD5:
a2795cdca70e0b9d78f1bb2977b495b9

SHA-1:
10c6374fc09b9cb98c098af72d9e0a515fb60cf6

SHA-256:
9d955af135cf488849bef0402057f0cf7c2587cb1d6ef19245524b5aa9ef18b9

Scanner detections:
6 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is also known as bundleware, or downloadware, which is a downloader designed to simply deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/24/2024 4:59:41 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:OutBrowse-QZ [PUP] | 160414-2 |
| Emsisoft Anti-Malware | Dropped:Trojan.Generic.14749790 | 11.5.0.6191 |
| ESET NOD32 | Win32/OutBrowse.CB potentially unwanted application | 8.0.319.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.225.283.0 |
| Norman | Dropped:Trojan.Generic.14749790 | 28.05.2016 15:32:18 |
| Reason Heuristics | PUP.Outbrowse.SaFEstoR.Bundler (M) | 16.7.3.16 |

File size:
713.8 KB (730,918 bytes)

Product version:
142.15526.1341.4276

Copyright:
HVGKX

Trademarks:
HVGKX

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\442117df51626a245e9fef8e022e5fda.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
5/26/2015 12:00:00 AM

Valid to:
1/27/2016 11:59:59 PM

Subject:
CN=SaFE stoRe btw, O=SaFE stoRe btw, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
6567F87663773D07F1E72BDD2E7FF955

File PE Metadata
Compilation timestamp:
12/5/2009 10:52:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:nfygu81LuNLRH4GehLqFyrEeduCj6G86Qw/inF6io/1Qlufc8vy4h:nfygBcLRH9sqUrPjP86KCalL86

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
