adobe flash player.exe

Trusted Apps DDD

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The application adobe flash player.exe by Trusted Apps DDD has been detected as adware by 12 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from get.file3desktop.com.
Publisher:
Trusted Apps DDD  (signed and verified)

MD5:
d6ae572a64ebaf2a2b105b36899f0dcc

SHA-1:
c60a8d575aa9a9a2ac781f43531a5f9c9cfa324e

SHA-256:
a4584448c579f11ab360b6e54a2e55712c72f730ae53386d9c640b3897d53592

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/2/2024 5:36:08 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.OutBrowse
7.1.1

Avira AntiVirus
APPL/Outbrowse.Gen
7.11.211.104

avast!
PUP-gen [PUP]
150203-1

AVG
Downloader
2016.0.3194

Dr.Web
Trojan.OutBrowse.95
9.0.1.05190

ESET NOD32
Win32/OutBrowse.BU potentially unwanted application
7.0.302.0

Fortinet FortiGate
Riskware/OutBrowse
2/19/2015

K7 AntiVirus
Trojan
13.197.15020

McAfee
Program.Adware-OutBrowse.e
16.8.708.2

Sophos
OutBrowse Revenyou
4.98

Trend Micro House Call
Suspici.33AE6F52
7.2.50

VIPRE Antivirus
Threat.4150696
36694

File size:
599 KB (613,408 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\adobe flash player.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
2/4/2015 7:00:00 PM

Valid to:
1/27/2016 6:59:59 PM

Subject:
CN=Trusted Apps DDD, O=Trusted Apps DDD, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
5EF3B5D45335EFF58E5E582027415162

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:7We9of43dWlrfC6dcUD6SHdD1kFwdhKcpJ4gpkJvZ:7WeOf43orfNdhDHl10BcpJ4gp4x

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file adobe flash player.exe has been seen being distributed by the following URL.

Remove adobe flash player.exe - Powered by Reason Core Security