adobe flash player.exe

OUTBROWSE LTD

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The application adobe flash player.exe by OUTBROWSE has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the OutBrowse Revenyou installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from dl.appsdesktop.com.
Publisher:
OUTBROWSE LTD  (signed and verified)

MD5:
93cf1e3d1117150ea109e31dc22707f9

SHA-1:
509dbad9f1d4551cc6005366b8fb820bc7ea4a34

SHA-256:
d92a4e1f37f1231da492140d12e60224b67a89bee1244064a1016aea37a51a23

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
12/24/2024 3:06:05 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Outbrowse (M)
17.2.21.0

File size:
971.3 KB (994,560 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\adobe flash player.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
3/26/2014 4:16:30 AM

Valid to:
3/26/2015 4:16:30 AM

Subject:
CN=OUTBROWSE LTD, O=OUTBROWSE LTD, L=ramat gan, S=Merkaz, C=IL

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4E9F154E55EEFC

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9263

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file adobe flash player.exe has been seen being distributed by the following URL.

http://dl.appsdesktop.com/DownloadManager/Get1?p=301&d=3746&l=3578&n=1&d5=34098&exeurl=http://get.adobe.com/.../&dynamicname=Adobe Flash Player&filename=Adobe Flash Player&d1=5252

Remove adobe flash player.exe - Powered by Reason Core Security