custom-maid-3d-full-adult-game-eng.exe

Otopia SOFT

This is the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application custom-maid-3d-full-adult-game-eng.exe by Otopia SOFT has been detected as adware by 18 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from get.down1209.info and multiple other hosts.
Publisher:
Otopia SOFT  (signed and verified)

MD5:
b4d75213d86cf6c600c1bea99de02321

SHA-1:
239267392bf676e186f0786392ea32f108db0fb8

SHA-256:
522c3c23ac6ec05ba86f5da1afa64dea2d4cf9af13aae8cecfa156c1a2c118e2

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/25/2024 3:45:21 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Dropped:Application.Bundler.Outbrowse.AJ | 6417113 |
| AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.01.24 |
| Avira AntiVirus | APPL/Outbrowse.Gen | 7.11.204.220 |
| avast! | Malware-gen | 150101-1 |
| AVG | Potentially harmful program Downloader.DGR | 2014.0.4257 |
| Bitdefender | Dropped:Application.Bundler.Outbrowse.AJ | 1.0.20.120 |
| Emsisoft Anti-Malware | Dropped:Application.Bundler.Outbrowse.AJ | 9.0.0.4799 |
| ESET NOD32 | Win32/OutBrowse.BS potentially unwanted application | 7.0.302.0 |
| F-Secure | Riskware.Dropped:Application.Bundler.Outbrowse | 5.13.68 |
| G Data | Dropped:Application.Bundler.Outbrowse.AJ | 15.1.24 |
| IKARUS anti.virus | PUA.OutBrowse | t3scan.1.8.6.0 |
| Malwarebytes | PUP.Optional.OutBrowse | v2015.01.24.05 |
| McAfee | Adware-OutBrowse.e | 5600.6876 |
| MicroWorld eScan | Dropped:Application.Bundler.Outbrowse.AJ | 16.0.0.72 |
| Reason Heuristics | PUP.OtopiaSOFT | 15.1.24.5 |
| Sophos | Generic PUA CC | 4.98 |
| Trend Micro House Call | Suspici.1AC582C8 | 7.2.24 |
| VIPRE Antivirus | Threat.4150696 | 36666 |

File size:
572.4 KB (586,176 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\custom-maid-3d-full-adult-game-eng.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
1/22/2015 2:00:00 AM

Valid to:
12/18/2015 1:59:59 AM

Subject:
CN=Otopia SOFT, O=Otopia SOFT, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
6713575F4185F7E18FB9C66A2D66B488

File PE Metadata
Compilation timestamp:
12/6/2009 12:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:iUBqS53lofze7LC2jBXjD0jCY0C6Hi9ZqBKrgGdHf6e:iKofz2CAjen0PAZfJfZ

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file custom-maid-3d-full-adult-game-eng.exe has been seen being distributed by the following 3 URLs.
