54ad9f1292ff38269eb616e1fb97b3ff.exe

SaFE stoRe btw

This is the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application 54ad9f1292ff38269eb616e1fb97b3ff.exe by SaFE stoRe btw has been detected as adware by 10 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. It installs potentially unwanted software on your PC alongside the software you are trying to install, without adequate consent.
Publisher:
ZJKCB  (signed by SaFE stoRe btw)

Product:
ZJKCB

Version:
9416.15528.1340.4041

MD5:
6e2da67da85e88c317b32656a3c3c1ba

SHA-1:
3c2f387372315d8cb123e40d15d76ddc15d12e55

SHA-256:
079b05748f6eab145f594b8a97ccbb31b7898e322049bd6fbecf2333a3f43c2f

Scanner detections:
10 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/24/2024 5:39:41 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:OutBrowse-QZ [PUP] | 160518-2 |
| Dr.Web | Detection.Undefined | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Application.Bundler.OutBrowse | 16.06.26 |
| ESET NOD32 | Win32/OutBrowse.CE potentially unwanted application | 7.0.302.0 |
| F-Secure | Variant.Application.Bundler | 5.15.96 |
| Kaspersky | not-a-virus:AdWare.Win32.OutBrowse | 15.0.0.562 |
| McAfee | Program.Adware-OutBrowse.g | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.223.2652.0 |
| Norman | Gen:Variant.Application.Bundler.OutBrowse.8 | 22.05.2016 07:18:28 |
| Reason Heuristics | PUP.Outbrowse.SaFEstoR.Bundler (M) | 16.6.26.12 |

File size:
821 KB (840,707 bytes)

Product version:
9416.15528.1340.4041

Copyright:
ZJKCB

Trademarks:
ZJKCB

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Common path:
C:\windows\temp\54ad9f1292ff38269eb616e1fb97b3ff.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
5/26/2015 12:00:00 AM

Valid to:
1/27/2016 11:59:59 PM

Subject:
CN=SaFE stoRe btw, O=SaFE stoRe btw, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
6567F87663773D07F1E72BDD2E7FF955

File PE Metadata
Compilation timestamp:
12/6/2009 12:52:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:ff2YSaN5SyIBrj+dkiK/2fSI7Lm52X4nOoj+CBCH3/bZu97waWfc8vy4h:ffcyIBP0kFu648a7vZX1CwaD86

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.6129

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
