cbcabfigbfe.exe

Safe Download gtl

Part of the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The application cbcabfigbfe.exe, “ Install Your Software” by Safe Download gtl has been detected as adware by 17 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup. It is also typically executed from the user's temporary directory.
Publisher:
Safe Download gtl  (signed and verified)

Description:
Install Your Software

Version:
2015.21.955.6

MD5:
08fe4c2a815ef40da3abc8d19a8f45ee

SHA-1:
97aaa581ed28582401e6ffe58a6912fb074edfe8

SHA-256:
60087958631df0d16bf8099086f9b82ab852e87a7d43fcb4e6ab950acc7aa5dc

Scanner detections:
17 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
12/24/2024 4:59:00 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.OutBrowse
7.1.1

AhnLab V3 Security
PUP/Win32.OutBrowse
2015.02.09

AVG
Downloader
2016.0.3183

Baidu Antivirus
PUA.Win32.OutBrowse
4.0.3.1531

Dr.Web
Trojan.KillFiles.22265
9.0.1.060

ESET NOD32
Win32/OutBrowse.BA potentially unwanted (variant)
9.11144

Fortinet FortiGate
Riskware/OutBrowse
3/1/2015

K7 AntiVirus
Trojan
13.193.14900

Kaspersky
not-a-virus:Downloader.NSIS.OutBrowse
14.0.0.2410

McAfee
Artemis!08FE4C2A815E
5600.6839

NANO AntiVirus
Trojan.Win32.KillFiles.dmtzdt
0.30.0.65070

Panda Antivirus
Generic Suspicious
15.03.01.10

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen
1.0.0.1015

Reason Heuristics
PUP.Installer.Outbrowse
15.3.18.1

Trend Micro House Call
Suspicious_GEN.F47V0201
7.2.60

VIPRE Antivirus
Trojan.Win32.Generic
37382

Zillya! Antivirus
Downloader.OutBrowse.Win32.1193
2.0.0.2059

File size:
822.7 KB (842,440 bytes)

Product version:
2015.21.955.6

Copyright:
Copyright (C) 2015

Original file name:
2015219556.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\cbcabfigbfe.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
1/26/2015 7:00:00 PM

Valid to:
1/27/2016 6:59:59 PM

Subject:
CN=Safe Download gtl, O=Safe Download gtl, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
14A25C18D3A961BACA6D7C2A3D718B0A

File PE Metadata
Compilation timestamp:
2/1/2015 4:55:31 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:Fo5S1D5svi7drotuH+6q/seuKOo/vcsHllP/fJeFyR:i5S1D5sK71otuH+L/shKOoXhDP/BeFyR

Entry address:
0x854B5

Entry point:
E8, F0, AC, 00, 00, E9, 89, FE, FF, FF, CC, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 8B, 73, 08, 33, 35, 40, FA, 4B, 00, 57, 8B, 06, C6, 45, FF, 00, C7, 45, F4, 01, 00, 00, 00, 8D, 7B, 10, 83, F8, FE, 74, 0D, 8B, 4E, 04, 03, CF, 33, 0C, 38, E8, 4C, A4, FF, FF, 8B, 4E, 0C, 8B, 46, 08, 03, CF, 33, 0C, 38, E8, 3C, A4, FF, FF, 8B, 45, 08, F6, 40, 04, 66, 0F, 85, 19, 01, 00, 00, 8B, 4D, 10, 8D, 55, E8, 89, 53, FC, 8B, 5B, 0C, 89, 45, E8, 89, 4D, EC, 83, FB, FE, 74, 5F, 8D, 49, 00, 8D, 04, 5B, 8B, 4C...
 
[+]

Entropy:
6.6202

Code size:
636 KB (651,264 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to yv-in-f155.1e100.net  (74.125.21.155:80)

TCP (HTTP):
Connects to ec2-54-235-200-123.compute-1.amazonaws.com  (54.235.200.123:80)

Remove cbcabfigbfe.exe - Powered by Reason Core Security