cecabfihcdb.exe

safe click LOL

Part of the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application cecabfihcdb.exe by safe click LOL has been detected as adware by 11 anti-malware scanners. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities, and other PUPs. It is also typically executed from the user's temporary directory.
Publisher:
safe click LOL  (signed and verified)

Version:
2015.24.859.9

MD5:
325aec3f9e9d3bf0464af3278ffe8cf7

SHA-1:
d0fbe71eefb770b44d363234269f210964e3e5f2

SHA-256:
b07a911c83168c67d7d5b25de76a37ddcaf24e684f9b546522775148e1381ad0

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/6/2024 2:06:50 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.02.07 |
| AVG | Generic | 2016.0.3195 |
| Baidu Antivirus | PUA.Win32.OutBrowse | 4.0.3.1526 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Dr.Web | Trojan.OutBrowse.92 | 9.0.1.048 |
| ESET NOD32 | Win32/OutBrowse.BA potentially unwanted application | 7.0.302.0 |
| G Data | Win32.Application.Agent.2NF35Z | 15.2.25 |
| K7 AntiVirus | Unwanted-Program | 13.193.14895 |
| Reason Heuristics | PUP.Outbrowse | 15.2.18.17 |
| Sophos | OutBrowse Revenyou | 4.98 |
| VIPRE Antivirus | OutBrowse | 37340 |

File size:
808.7 KB (828,096 bytes)

Product version:
2015.24.859.9

Copyright:
Copyright (C) 2015

Original file name:
2015248599.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\cecabfihcdb.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
2/3/2015 12:00:00 AM

Valid to:
1/27/2016 11:59:59 PM

Subject:
CN=safe click LOL, O=safe click LOL, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
4FDE5AD324E269DA8C09C2F4DC8B70AF

File PE Metadata
Compilation timestamp:
2/4/2015 9:02:55 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:30XfGxTZyTFB0EzGrfn/LJUfXQD/ewwy/MtiQRb8+/jQ:30XfGx1yTFLGbLJEQD/15MtT8+/c

Entry address:
0x8159B

Entry point:
E8, FA, A9, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 28, D8, 49, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 68, D0, 49, 00, C9, C2, 08, 00, B8, DF, CA, 48, 00, A3, 78, AF, 4B, 00, C7, 05, 7C, AF, 4B, 00, D5, C1, 48, 00, C7, 05, 80, AF, 4B, 00, 89, C1, 48, 00, C7, 05, 84, AF, 4B, 00, C2, C1, 48, 00, C7, 05...
Entropy:
6.6214

Code size:
622 KB (636,928 bytes)