aa5aftak.u1u

1430690411

STart noW

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The file aa5aftak.u1u by STart noW has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the OutBrowse Revenyou installer. It is also typically executed from the user's temporary directory.
Publisher:
STart noW  (signed and verified)

Product:
1430690411

Version:
1.1553.79.0

MD5:
219023e11c0f615616cd0cc4f662c5e7

SHA-1:
6b9ba8239746726ec804d12a21932bf5c5a0261e

SHA-256:
0ce985c32f15d64d04894e011131947617dac7c0d9ec338b1432ab25ac1d6f13

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/23/2024 4:38:51 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Outbrowse (M)
17.3.8.16

File size:
614.9 KB (629,672 bytes)

Product version:
1.1553.79.0

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Nezavisno od jezika

Common path:
C:\users\{user}\appdata\local\temp\aa5aftak.u1u

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
4/30/2015 2:00:00 AM

Valid to:
12/12/2015 12:59:59 AM

Subject:
CN=STart noW, O=STart noW, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
15D4213A1350638DA9BE53171BCF40FB

File PE Metadata
Compilation timestamp:
12/5/2009 11:52:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

Remove aa5aftak.u1u - Powered by Reason Core Security