7f9cd295ff5a191eac52841c2b26ca3e.exe

SaFE stoRe btw

7f9cd295ff5a191eac52841c2b26ca3e.exe by SaFE stoRe btw is a setup application that uses the OutBrowse Revenyou installer, and it has been detected as adware by 7 anti-malware scanners. The installer bundles offers for additional third-party applications that may be unwanted, and it installs this potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.
Publisher:
MZWHT  (signed by SaFE stoRe btw)

Product:
MZWHT

Version:
2376.15528.1345.8486

MD5:
08fe5ad7793e87c4b13105d488bc6b2c

SHA-1:
5c91dcbca12f0909871a6ac89607fecb47021474

SHA-256:
173b5af28a4992f8162f5592d55cb1eca7d2e8f6d96eb76ab01611125d86df26

Scanner detections:
7 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/27/2024 2:02:09 AM UTC

Scan engine                    Detection                                             Engine version
avast!                         Win32:OutBrowse-QZ [PUP]                              160518-2
Dr.Web                         Detection.Undefined                                   9.0.1.05190
ESET NOD32                     Win32/OutBrowse.CD potentially unwanted application   8.0.319.0
Microsoft Security Essentials  Threat.Undefined                                      1.225.1578.0
Norman                         Gen:Variant.Application.Bundler.OutBrowse.8           28.05.2016 13:03:37
Reason Heuristics              PUP.Outbrowse.SaFEstoR.Bundler (M)                    16.7.17.6

File size:
767.5 KB (785,904 bytes)

Product version:
2376.15528.1345.8486

Copyright:
MZWHT

Trademarks:
MZWHT

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Common path:
C:\windows\temp\7f9cd295ff5a191eac52841c2b26ca3e.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
5/26/2015 12:00:00 AM

Valid to:
1/27/2016 11:59:59 PM

Subject:
CN=SaFE stoRe btw, O=SaFE stoRe btw, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
6567F87663773D07F1E72BDD2E7FF955

File PE Metadata
Compilation timestamp:
12/5/2009 7:52:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:VsM4KPXr6mt5cXt/sLfbCcevrDjC7kTn7NZdvxeKBRJQHEGaorfc8vy4h:VsM4jmtbWcSrvC7cpfv0KBRCHU86

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 
Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
