ebdcabfbdfbg.exe

SaFe SoftwaRe sLL

This file is part of the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application ebdcabfbdfbg.exe by SaFe SoftwaRe sLL has been detected as adware by 10 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup.

Publisher:
SaFe SoftwaRe sLL  (signed and verified)

Version:
2015.412.210.64

MD5:
ae47888475b6fd0a56a80a9b96847d11

SHA-1:
38d567aff488437a59e3ffa55f4f23f6bca81cd1

Scanner detections:
10 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
12/25/2024 6:03:51 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.04.13 |
| AVG | Downloader | 2016.0.3134 |
| Baidu Antivirus | PUA.Win32.OutBrowse | 4.0.3.15419 |
| Dr.Web | Trojan.OutBrowse.325 | 9.0.1.0109 |
| ESET NOD32 | Win32/OutBrowse.BX potentially unwanted (variant) | 9.11464 |
| G Data | Win32.Adware.Outbrowse | 15.4.25 |
| herdProtect (fuzzy) | | 2015.7.21.7 |
| NANO AntiVirus | Riskware.Win32.OutBrowse.dqfevg | 0.30.10.952 |
| Reason Heuristics | Threat.Outbrowse.SaFeSoftwaResLL | 15.4.19.16 |
| Sophos | OutBrowse Revenyou | 4.98 |

File size:
764 KB (782,376 bytes)

Product version:
2015.412.210.64

Copyright:
Copyright (C) 2015

Original file name:
201541221064.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Local settings\temp\ebdcabfbdfbg.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
4/4/2015 7:00:00 PM

Valid to:
1/27/2016 5:59:59 PM

Subject:
CN=SaFe SoftwaRe sLL, O=SaFe SoftwaRe sLL, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
48BED2CF9FCBEF623FB88AA3FDFAD281

File PE Metadata
Compilation timestamp:
4/12/2015 4:00:25 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:ppMrUQ42Xpy0ApIN19xUVdh5/l1OaI3/lZOhTQAArOfNOBun0ToI2JdwPV2u5/8:pIP42Xpy0ApINJUHhLQ3/lZOtQxOfLnz

Entry address:
0x7A7CB

Entry point:
E8, 0A, A9, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, E0, 57, 49, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 68, 50, 49, 00, C9, C2, 08, 00, B8, 1F, 5C, 48, 00, A3, 78, 1F, 4B, 00, C7, 05, 7C, 1F, 4B, 00, 15, 53, 48, 00, C7, 05, 80, 1F, 4B, 00, C9, 52, 48, 00, C7, 05, 84, 1F, 4B, 00, 02, 53, 48, 00, C7, 05...

Entropy:
6.6120

Code size:
590.5 KB (604,672 bytes)
