непотвърдено 861089.crdownload

RuN aPPs fOrever llD

This is the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The file непотвърдено 861089.crdownload by RuN aPPs fOrever llD has been detected as adware by 8 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. According to AVG, this software downloads additional adware offers during setup.

Publisher:
NKLLD  (signed by RuN aPPs fOrever llD)

Product:
NKLLD

Version:
9352.15610.1392.2532

MD5:
061a4c21e9ceebf9f6ab611a716615aa

SHA-1:
a78035bfcb344f0121b0d8846e1e8731a9171808

SHA-256:
68bc0e293138ebe2ce8dbfe8434c168259a33f3a7ad2a7802f7e243ce124b5bf

Scanner detections:
8 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is also known as bundleware, or downloadware, which is a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/5/2024 8:04:13 PM UTC

Scan engine | Detection | Engine version
AVG | Downloader | 2016.0.3082
ESET NOD32 | Win32/OutBrowse.CB potentially unwanted application | 7.0.302.0
Fortinet FortiGate | Riskware/OutBrowse | 6/11/2015
IKARUS anti.virus | PUA.OutBrowse | t3scan.1.9.5.0
K7 AntiVirus | Unwanted-Program | 13.204.16210
McAfee | Program.Adware-OutBrowse.g | 17.6.569.0
Quick Heal | PUA.OutBrowse.A | 6.15.14.00
Reason Heuristics | PUP.Outbrowse.Bundler | 15.6.11.9

File size:
733.8 KB (751,440 bytes)

Product version:
9352.15610.1392.2532

Copyright:
NKLLD

Trademarks:
NKLLD

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\непотвърдено 861089.crdownload

Digital Signature
Authority:
thawte, Inc.

Valid from:
6/8/2015 3:00:00 AM

Valid to:
1/28/2016 1:59:59 AM

Subject:
CN=RuN aPPs fOrever llD, O=RuN aPPs fOrever llD, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
1BB8B0E42BC70162C0D4296395926232

File PE Metadata
Compilation timestamp:
12/6/2009 12:52:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:aqmBF5gsy7kl83EPLusLNohdsnugt5ANxH/4/AyYv8PUsfc8vy4h:aqmzaklWEPnLNohdsnHsxw/RgF86

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
