amazingtab20151027.exe

AmazingTab

The application amazingtab20151027.exe has been detected as a potentially unwanted program by 10 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, and PC utilities, as well as other PUPs. The file has been seen being downloaded from cdn.file2desktop.com and multiple other hosts.
Publisher:
AmazingTab

Product:
AmazingTab

Version:
1.0

MD5:
5c8dd4561380ba1d7e6f8a03e4279530

SHA-1:
76f2fd821f3aa2531f179e5c304041b3fdbba764

SHA-256:
c3cd592b6e64ada72f6855f491f21d65347ee6d19d83683cdb4a67a308a1ffa1

Scanner detections:
10 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/27/2024 6:50:17 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | Malware/Gen.Generic | 2015.11.13 |
| Clam AntiVirus | Win.Adware.Outbrowse-1167 | 0.98/21056 |
| Dr.Web | Trojan.DownLoader17.32154 | 9.0.1.05190 |
| Kaspersky | not-a-virus:AdWare.MSIL.OutBrowse | 15.0.0.543 |
| Malwarebytes | PUP.Optional.AmazingTab | v2015.11.12.04 |
| McAfee | Trojan.Artemis!5C8DD4561380 | 18.0.204.0 |
| Qihoo 360 Security | HEUR/QVM42.0.Malware.Gen | 1.0.0.1077 |
| Trend Micro | TROJ_GEN.R08NC0OK915 | 10.465.12 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.4 |
| VIPRE Antivirus | Threat.4823950 | 45000 |

File size:
57.7 KB (59,089 bytes)

Product version:
1.0.0.0

Copyright:
© AmazingTab

Trademarks:
AmazingTab

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\amazingtab20151027.exe

File PE Metadata
Compilation timestamp:
12/5/2009 2:52:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:LfYBrbzmFizYwUK1G0DRXJe4Romu/TIPm++kqIzjbanyJ:jY4FizYxCDRXJe45RPm++5Kf

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
6.7716

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file amazingtab20151027.exe has been seen being distributed by the following 2 URLs.
