8activator.exe

The application 8activator.exe has been detected as a potentially unwanted program by 23 anti-malware scanners. The program is a setup application packaged with the self-extracting archive installer; the file is not signed with an Authenticode signature from a trusted source. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, and PC utilities, as well as other PUPs. The file has been seen being downloaded from download1392.mediafire.com and multiple other hosts.
MD5:
582dea77cb5efdc6dcaf85924c9abc91

SHA-1:
a7b48c3ce8febdc60d98a8ec84e34f877562be46

SHA-256:
da1425863c69bfbba8d5a261202abc127c898b161db0e5ea9436f67d36716c1b

Scanner detections:
23 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
12/26/2024 11:37:00 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | PUA.OutBrowse | 7.1.1 |
| avast! | Win32:PUP-gen [PUP] | 2014.9-140509 |
| AVG | MalSign.OutBrowse | 2015.0.3479 |
| Baidu Antivirus | Hacktool.Win32.OutBrowse | 4.0.3.1459 |
| Comodo Security | Application.Win32.OutBrowse.~A | 18162 |
| Dr.Web | Adware.Downware.1770 | 9.0.1.0129 |
| ESET NOD32 | Win32/OutBrowse (variant) | 8.9720 |
| Fortinet FortiGate | Riskware/NSIS_OutBrowse | 5/9/2014 |
| G Data | Win32.Application.OutBrowse | 14.5.24 |
| IKARUS anti.virus | not-a-virus:Downloader.NSIS | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.176.11873 |
| Kaspersky | not-a-virus:Downloader.NSIS.OutBrowse | 14.0.0.3891 |
| Malwarebytes | PUP.Optional.OutBrowse | v2014.05.09.06 |
| McAfee | RDN/Generic PUP.x!b2w | 5600.7135 |
| NANO AntiVirus | Trojan.Win32.OutBrowse.csrlza | 0.28.0.59492 |
| Panda Antivirus | Trj/CI.A | 14.05.09.06 |
| Qihoo 360 Security | HEUR/Malware.QVM06.Gen | 1.0.0.1015 |
| Quick Heal | TrojanDownloader.NSIS.OutBrowse.B | 5.14.12.00 |
| Sophos | OutBrowse | 4.98 |
| Trend Micro House Call | TROJ_SPNR.03D214 | 7.2.129 |
| Trend Micro | TROJ_SPNR.03D214 | 10.465.09 |
| Vba32 AntiVirus | Downloader.OutBrowse | 3.12.26.0 |
| VIPRE Antivirus | Trojan.Win32.Generic | 28580 |

File size:
807.3 KB (826,642 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Self-extracting archive

Common path:
C:\users\{user}\downloads\8activator.exe

File PE Metadata
Compilation timestamp:
8/22/2013 4:00:50 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:qat0EAH49n8BXF0JarUShgtiFv5OzPPf8cl8/WMh5wGUR6To08yPESdj5JXcxVX:lt244f2c8XfZiWMwGR008yrdj5Jsx9

Entry address:
0x1D348

Entry point:
E8, F0, 57, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 05, FD, FF, FF, C7, 06, F4, 81, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, F4, 81, 42, 00, E9, BA, FD, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, F4, 81, 42, 00, E8, A7, FD, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, CD, C9, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47, 04, 85, C0, 74, 47, 8D, 50, 08, 80, 3A, 00, 74, 3F, 8B, 75, 0C, 8B, 4E, 04, 3B, C1, 74, 14, 83, C1, 08...

Code size:
148.5 KB (152,064 bytes)

The file 8activator.exe has been seen being distributed by the following 3 URLs.
