avira.exe

OUTBROWSE

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The application avira.exe by OUTBROWSE has been detected as adware by 16 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs. The file has been seen being downloaded from www.iifreedownload.com.
Publisher:
OUTBROWSE  (signed and verified)

MD5:
d6e76db2b645d7efb646f4f510dcd71a

SHA-1:
b6d438382fd80e821c93c0295e0bd88cf1cf3d18

SHA-256:
64a88fcfe1d769453b9ae5cedbe6817aa6ae065d62d5eba2947ee339483647ed

Scanner detections:
16 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/23/2024 9:36:52 AM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.OutBrowse
2014.08.14

Avira AntiVirus
APPL/Downloader.Gen
7.11.155.184

AVG
Generic
2015.0.3384

Dr.Web
Adware.Downware.2081
9.0.1.0225

ESET NOD32
Win32/OutBrowse.V potentially unwanted application
8.7.0.302.0

G Data
Win32.Application.Outbrowse
14.8.24

herdProtect (fuzzy)
2014.10.25.12

K7 AntiVirus
Unwanted-Program
13.180.12463

Kaspersky
not-a-virus:AdWare.Win32.OutBrowse
14.0.0.3413

Malwarebytes
PUP.Optional.OutBrowse
v2014.08.13.10

McAfee
Adware-OutBrowse
5600.7040

Reason Heuristics
PUP.OUTBROWSE.F
14.8.13.10

Sophos
OutBrowse Revenyou
4.98

Trend Micro House Call
Suspici.B577CD42
7.2.225

Vba32 AntiVirus
AdWare.OutBrowse
3.12.26.3

VIPRE Antivirus
Threat.4784459
29708

File size:
976.5 KB (999,936 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\avira.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
4/7/2014 2:00:00 AM

Valid to:
4/8/2015 1:59:59 AM

Subject:
CN=OUTBROWSE, O=OUTBROWSE, STREET=Bialik Number: 143, L=Ramat Gan, S=Israel, PostalCode=5252337, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A5F03C3A375C11FD6C1C160EE8BFF923

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:FlHN/Um3b7bt5ORv7OfUej1YY+oPfmH7OdIgbB1Nx0WkljfyU0NsA3wPPgMSHaIQ:Fgm3jWRCD+sdDkpYP3wPwn2arwpZ7V

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file avira.exe has been seen being distributed by the following URL.

Remove avira.exe - Powered by Reason Core Security