bombus nimbuzz pc.exe

Click Yes

This is the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and may be installed without consent. The application bombus nimbuzz pc.exe by Click Yes has been detected as adware by 10 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. According to AVG, this software downloads additional adware offers during setup.
Publisher:
Click Yes  (signed and verified)

MD5:
1cfb3cdb2e28f01b6a70120be6c44099

SHA-1:
433a58338542e0fd5199a870470ac82f8f933cc6

SHA-256:
14ea5875d2a6309bf462133774d4bc2053624dddf7bfa50d0eb4cbdb4f094d6c

Scanner detections:
10 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/25/2024 3:21:32 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.02.10 |
| Avira AntiVirus | APPL/Downloader.Gen | 7.11.209.28 |
| AVG | Downloader | 2016.0.3203 |
| Comodo Security | Application.Win32.AltBrowse.HY | 21019 |
| ESET NOD32 | Win32/OutBrowse.BU potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/OutBrowse | 2/9/2015 |
| K7 AntiVirus | Trojan | 13.194.14904 |
| Malwarebytes | PUP.Optional.OutBrowse | v2015.02.09.04 |
| Reason Heuristics | PUP.Outbrowse | 15.2.9.15 |
| Trend Micro House Call | Suspici.B4D1CBB0 | 7.2.40 |

File size:
576.8 KB (590,688 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\programs\bombus nimbuzz pc.exe

Digital Signature
Signed by:

Authority:
Starfield Technologies, Inc.

Valid from:
1/27/2015 4:09:48 PM

Valid to:
12/8/2015 4:13:03 PM

Subject:
CN=Click Yes, O=Click Yes, L=DUBLIN, C=IE

Issuer:
CN=Starfield Secure Certificate Authority - G2, OU=http://certs.starfieldtech.com/repository/, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00AA1A390D4E81FA68

File PE Metadata
Compilation timestamp:
12/6/2009 12:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:9psJdfsq7CRwm+hOg12kppStSJxA/U7OWvX7TSNj30Goy+jLM:9ElwJ+hNTmUJWU7OWvXY3Iw

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9656

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
