home

cbvmt0pz.ef5

Setup

Click Yes

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The file cbvmt0pz.ef5 by Click Yes has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the OutBrowse Revenyou installer. It is also typically executed from the user's temporary directory.
Publisher:
Click Yes  (signed and verified)

Product:
Setup

Version:
1.15511.112.0

MD5:
7ed23ea3e5dcae5a652e3a478ea5fda9

SHA-1:
b072dc7c0001e0001c4b0ed2ff2508c8455dcb5f

SHA-256:
f9dedcd245234d74ed755e61135be7eff34bb8225bc7434140951608fe304ee7

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/24/2024 4:05:12 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Outbrowse (M)
16.9.10.15

File size:
630.1 KB (645,208 bytes)

Product version:
1.15511.112.0

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\cbvmt0pz.ef5

Digital Signature
Signed by:
Click Yes

Authority:
GoDaddy.com, Inc.

Valid from:
4/7/2015 2:16:38 PM

Valid to:
12/8/2015 7:43:03 PM

Subject:
CN=Click Yes, O=Click Yes, L=DUBLIN, C=IE

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
3BFBE10CD0A09BE9

File PE Metadata
Compilation timestamp:
12/6/2009 4:22:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:pIWj1h0QOjzsVnhxLmi3UG4FCJYaskd12rNWlnzJMpnQfCYkB6faxzvU36xVn:pIu1hJUAVnhxLmikCJAA12SJMhkCyax7

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9699

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

Remove cbvmt0pz.ef5 - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.