» carambis driver updater serial.exe
Overview
Analysis
File Details

carambis driver updater serial.exe

Safe Software Sll

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The application carambis driver updater serial.exe by Safe Software Sll has been detected as adware by 7 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. According to AVG, this software downloads additional adware offers during setup.

File name:

Publisher:

Safe Software Sll (signed and verified)

MD5:

7eb71cb49f1bf3017c1c5bdd2eb3f5b7

SHA-1:

bf4842a03524c05f711b4d6a005a8689ed115a36

SHA-256:

d1c76f72204c5e1bb77af7a8e4277b66d9fc61b58338fbbf21bfc6f5d3c33bc9

Scanner detections:

7 / 68

Status:

Adware

Explanation:

Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

11/5/2024 8:01:42 PM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

PUP/Win32.OutBrowse

2015.02.06

Avira AntiVirus

APPL/Downloader.Gen

7.11.207.178

AVG

Downloader

2016.0.3207

Comodo Security

Application.Win32.AltBrowse.HY

20977

ESET NOD32

Win32/OutBrowse.BU potentially unwanted application

7.0.302.0

Reason Heuristics

PUP.Outbrowse

15.2.18.17

Trend Micro House Call

Suspici.B4D1CBB0

7.2.36

File size:

576.4 KB (590,264 bytes)

File type:

Executable application (Win32 EXE)

Bundler/Installer:

OutBrowse Revenyou (using Nullsoft Install System)

Common path:

C:\users\{user}\downloads\programs\carambis driver updater serial.exe

Digital Signature

Signed by:

Safe Software Sll

Authority:

thawte, Inc.

Valid from:

2/5/2015 3:00:00 AM

Valid to:

1/28/2016 2:59:59 AM

Subject:

CN=Safe Software Sll, O=Safe Software Sll, L=Dublin, S=Dublin, C=IE

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

5D86B00EE6C53705927FED8F867F6A6E

File PE Metadata

Compilation timestamp:

12/6/2009 1:50:52 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:TsG1DHP+oq5ZXh5c2DDmBH4q4cLodwiKWxucoxVuYUElP+cY:Tt7PVqrXw2DMt4cq3oxV5J+b

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Entropy:

7.9656

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

Remove carambis driver updater serial.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.