4ece327a5d35d08f36ef2943ee86b4de.exe

sAfe store btW

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The application 4ece327a5d35d08f36ef2943ee86b4de.exe by sAfe store btW has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the OutBrowse Revenyou installer.
Publisher:
QWJTK  (signed by sAfe store btW)

Product:
QWJTK

Version:
7363.1564.1346.8917

MD5:
ae8326198f81e135d0bd617f92fc924f

SHA-1:
b03e092c15df47b1e1fd7154dae8cf44726bb545

SHA-256:
13ced6821c562dea63d5256ce3b16d500e86ca223e79c3518bfa755345bdd1c1

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/24/2024 4:47:58 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Outbrowse (M)
16.9.25.7

File size:
697.9 KB (714,682 bytes)

Product version:
7363.1564.1346.8917

Copyright:
QWJTK

Trademarks:
QWJTK

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\windows\temp\4ece327a5d35d08f36ef2943ee86b4de.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
5/28/2015 7:00:00 AM

Valid to:
1/28/2016 6:59:59 AM

Subject:
CN=sAfe store btW, O=sAfe store btW, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
6995F2BB730552248FE34CD2EAA6196C

File PE Metadata
Compilation timestamp:
12/6/2009 5:52:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:7kpi4nAA4T510VV2Utxrf3iRFJC3XTfc8vy4h:7kMAAA4nW2OZfaFZ86

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.6674

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

Remove 4ece327a5d35d08f36ef2943ee86b4de.exe - Powered by Reason Core Security