chcabfihii.exe

Safe Click Lol

This file is part of the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application chcabfihii.exe by Safe Click Lol has been detected as adware by 23 anti-malware scanners. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities and other PUPs. The file is typically executed from the user's temporary directory.

Publisher:
Safe Click Lol  (signed and verified)

Version:
2015.24.859.9

MD5:
2354c6167453a8856e9ef7bfd088f5c8

SHA-1:
e58e0c29d6c940ea9a3634278a024fd5343f40f1

SHA-256:
0c07b8678ceafe86a9e066c91b2b438d85df5c82323b87ff9e48344e6c432cfe

Scanner detections:
23 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/23/2024 8:16:13 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | PUA.OutBrowse | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.02.05 |
| Avira AntiVirus | APPL/OutBrowse.827952 | 7.11.214.232 |
| avast! | Win32:OutBrowse-HW [PUP] | 2014.9-150409 |
| AVG | Generic | 2016.0.3145 |
| Baidu Antivirus | PUA.Win32.OutBrowse | 4.0.3.1549 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Clam AntiVirus | Win.Trojan.Outbrowse-7 | 0.98/21511 |
| Dr.Web | Trojan.OutBrowse.92 | 9.0.1.099 |
| ESET NOD32 | Win32/OutBrowse.BA potentially unwanted application | 9.7.0.302.0 |
| Fortinet FortiGate | Riskware/OutBrowse | 4/9/2015 |
| G Data | Win32.Application.Agent.2NF35Z | 15.4.25 |
| herdProtect (fuzzy) | | 2015.7.12.5 |
| IKARUS anti.virus | PUA.OutBrowse | t3scan.1.8.6.0 |
| K7 AntiVirus | Unwanted-Program | 13.193.14895 |
| McAfee | Artemis!2354C6167453 | 5600.6801 |
| NANO AntiVirus | Trojan.Win32.OutBrowse.dnqadi | 0.30.0.296 |
| Panda Antivirus | Generic Suspicious | 15.04.09.07 |
| Reason Heuristics | PUP.Outbrowse | 15.4.9.3 |
| Sophos | OutBrowse Revenyou | 4.98 |
| Trend Micro House Call | TROJ_GEN.R03EH05BH15 | 7.2.99 |
| Vba32 AntiVirus | AdWare.OutBrowse | 3.12.26.3 |
| VIPRE Antivirus | OutBrowse | 37340 |

File size:
808.7 KB (828,096 bytes)

Product version:
2015.24.859.9

Copyright:
Copyright (C) 2015

Original file name:
2015248599.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\chcabfihii.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
2/4/2015 7:00:00 PM

Valid to:
1/27/2016 6:59:59 PM

Subject:
CN=Safe Click Lol, O=Safe Click Lol, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
0113B280254155278C27A31712365932

File PE Metadata
Compilation timestamp:
2/4/2015 4:02:55 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:70XfGxTZyTFB0EzGrfn/LJUfXQD/ewwy/MtiQRb8+/x:70XfGx1yTFLGbLJEQD/15MtT8+/x

Entry address:
0x8159B

Entry point:
E8, FA, A9, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 28, D8, 49, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 68, D0, 49, 00, C9, C2, 08, 00, B8, DF, CA, 48, 00, A3, 78, AF, 4B, 00, C7, 05, 7C, AF, 4B, 00, D5, C1, 48, 00, C7, 05, 80, AF, 4B, 00, 89, C1, 48, 00, C7, 05, 84, AF, 4B, 00, C2, C1, 48, 00, C7, 05...
 

Entropy:
6.6214

Code size:
622 KB (636,928 bytes)
