downloadmanager.exe

setup

OutBrowse

This is the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application downloadmanager.exe by OutBrowse has been detected as adware by 40 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities and other PUPs.
Publisher:
(signed by OutBrowse)

Product:
setup

Description:
setup file

Version:
1.0.0.1

MD5:
04d97d753f8fe2737a9e04b3dfd874f7

SHA-1:
d8d8d858f68a7ad99ee47394f934463aa0e6025f

SHA-256:
d26ee67b6ca203c265e2a52b26f868eeaee441243e08fadb3c9f84059a0fac3f

Scanner detections:
40 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/24/2024 12:00:48 PM UTC

Scan engine                   | Detection                              | Engine version
------------------------------|----------------------------------------|---------------------
Lavasoft Ad-Aware             | Win32.Parite.B                         | 911
Agnitum Outpost               | PUA.OutBrowse                          | 7.1.1
AhnLab V3 Security            | Win32/Parite                           | 14.08.07
Avira AntiVirus               | W32/Parite                             | 7.11.138.242
avast!                        | Win32:Parite                           | 2014.9-140807
AVG                           | MalSign.OutBrowse                      | 2014.0.3623
Baidu Antivirus               | Virus.Win32.Parite.$b                  | 4.0.3.1487
Bitdefender                   | Win32.Parite.B                         | 1.0.20.1095
Bkav FE                       | W32.Clod208.Trojan                     | 1.3.0.4613
Clam AntiVirus                | Heuristics.W32.Parite.B                | 0.98/18355
Comodo Security               | Virus.Win32.Parite.gen                 | 17995
Dr.Web                        | Adware.Downware.1770                   | 9.0.1.045
Emsisoft Anti-Malware         | Win32.Parite                           | 8.14.08.07.08
ESET NOD32                    | Win32/OutBrowse (variant)              | 7.9162
Fortinet FortiGate            | Riskware/NSIS_OutBrowse                | 12/17/2013
F-Prot                        | W32/Parite.B                           | v6.4.7.1.166
F-Secure                      | Win32.Parite.B                         | 11.2014-07-08_5
G Data                        | Win32.Parite                           | 14.8.24
IKARUS anti.virus             | not-a-virus:Downloader.NSIS            | t3scan.2.2.29
K7 AntiVirus                  | Unwanted-Program                       | 13.175.10814
Kaspersky                     | not-a-virus:Downloader.NSIS.OutBrowse  | 14.0.0.4608
Malwarebytes                  | PUP.Optional.OutBrowse                 | v2013.12.17.09
McAfee                        | Artemis!04D97D753F8F                   | 5600.7279
Microsoft Security Essentials | Virus:Win32/Parite.B                   | 1.10401
MicroWorld eScan              | Win32.Parite.B                         | 15.0.0.657
NANO AntiVirus                | Virus.Win32.Parite.bgvo                | 0.28.0.58720
Norman                        | Pinfi.A                                | 11.20140807
nProtect                      | Virus/W32.Parite.C                     | 14.03.26.01
Panda Antivirus               | W32/Parite.B                           | 14.08.07.08
Qihoo 360 Security            | Win32/Virus.Downloader.ad6             | 1.0.0.1015
Quick Heal                    | W32.Perite.A                           | 8.14.12.00
Reason Heuristics             | PUP.Installer.OutBrowse.P              | 14.8.7.20
Rising Antivirus              | PE:Win32.Parite.b!16043                | 23.00.65.14805
Sophos                        | Generic PUA NI                         | 4.95
Total Defense                 | Win32/Pinfi.A                          | 37.0.10840
Trend Micro House Call        | TROJ_GEN.F47V1211                      | 7.2.351
Trend Micro                   | PE_PARITE.A                            | 10.465.07
Vba32 AntiVirus               | Downloader.OutBrowse                   | 3.12.24.3
VIPRE Antivirus               | OutBrowse                              | 25324
ViRobot                       | Win32.Parite.A                         | 2011.4.7.4223

File size:
1.3 MB (1,338,136 bytes)

Product version:
1.0.0.1

Copyright:
(c). All rights reserved.

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou

Language:
English (United States)

Common path:
C:\windows\temp\downloadmanager.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
10/24/2013 2:00:00 AM

Valid to:
10/25/2014 1:59:59 AM

Subject:
CN=OutBrowse, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=OutBrowse, L=Ramat Gan, S=Ramat Gan, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
56A6FE571611B68C9224798AD62913CA

File PE Metadata
Compilation timestamp:
12/1/2013 12:40:33 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:g6/Ux7a1TTyH9uRkyhjWNTOJcMw7pd/i6Hfdq3QSVRjgNdUzaW6uou:o7a4H9uGy70nLfQ3QS3jgTUWBju

Entry address:
0xE8A7F

Entry point:
E8, FE, AC, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 8B, 73, 08, 33, 35, CC, 90, 52, 00, 57, 8B, 06, C6, 45, FF, 00, C7, 45, F4, 01, 00, 00, 00, 8D, 7B, 10, 83, F8, FE, 74, 0D, 8B, 4E, 04, 03, CF, 33, 0C, 38, E8, 2A, 9C, FF, FF, 8B, 4E, 0C, 8B, 46, 08, 03, CF, 33, 0C, 38, E8, 1A, 9C, FF, FF, 8B, 45, 08, F6, 40, 04, 66, 0F, 85, 19, 01, 00, 00, 8B, 4D, 10, 8D, 55, E8, 89, 53, FC, 8B, 5B, 0C, 89, 45, E8, 89, 4D, EC, 83, FB, FE, 74, 5F, 8D, 49...

Code size:
1 MB (1,063,424 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 224-124-232-198.static.unitasglobal.net  (198.232.124.224:80)

TCP (HTTP):
Connects to fa-in-f156.1e100.net  (173.194.70.156:80)
