не подтвержден 917500.crdownload

TiKi TaKa

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The file не подтвержден 917500.crdownload by TiKi TaKa has been detected as adware by 17 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from clksite.com.
Publisher:
TiKi TaKa (signed and verified)

MD5:
860f2558e1591035a3b880b389cef048

SHA-1:
947e680420fa14d08afa9e4f7db28a7d2c83fa12

SHA-256:
566e0d60eb9a84813ca7d0f0cc0cea7415d79bd5107b3eb750bd602a61987793

Scanner detections:
17 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is an installer which may bundle legitimate applications with offers for additional third-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
12/25/2024 4:48:05 PM UTC

Scan engine             Detection                                          Engine version
AhnLab V3 Security      PUP/Win32.OutBrowse                                2015.02.03
Avira AntiVirus         APPL/Downloader.Gen                                7.11.206.130
AVG                     Downloader                                         2016.0.2941
Baidu Antivirus         PUA.Win32.OutBrowse                                4.0.3.151029
Dr.Web                  Trojan.OutBrowse.77                                9.0.1.0302
ESET NOD32              Win32/OutBrowse.BS potentially unwanted (variant)  9.11112
Fortinet FortiGate      Riskware/OutBrowse                                 10/29/2015
G Data                  Win32.Application.Agent.QODJ9O                     15.10.25
K7 AntiVirus            DoS-Trojan                                         13.193.14838
Malwarebytes            PUP.Optional.OutBrowse                             v2015.10.29.12
McAfee                  Artemis!860F2558E159                               5600.6597
NANO AntiVirus          Trojan.Win32.OutBrowse.dnberl                      0.30.0.65070
Qihoo 360 Security      HEUR/QVM42.0.Malware.Gen                           1.0.0.1015
Reason Heuristics       PUP.Outbrowse.TiKiTaKa.Bundler (M)                 15.10.29.12
Sophos                  Generic PUA JE                                     4.98
Trend Micro House Call  TROJ_GEN.R047H06AO15                               7.2.302
VIPRE Antivirus         Trojan.Win32.Generic                               37198

File size:
574.1 KB (587,832 bytes)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\не подтвержден 917500.crdownload

Digital Signature
Signed by:
TiKi TaKa
Authority:
thawte, Inc.

Valid from:
1/17/2015 3:00:00 AM

Valid to:
12/18/2015 2:59:59 AM

Subject:
CN=TiKi TaKa, O=TiKi TaKa, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
3487E38E20A9221880B21663DD3A995D

File PE Metadata
Compilation timestamp:
12/6/2009 1:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:HPOfnYBEgXdMv+yADg4j+LgdLA8ENCr4DiUkZscdT4/oNe6DitA5+:HPGJg+4YgdLtwUsMsg8ftc+

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file не подтвержден 917500.crdownload has been seen being distributed by the following URL.