eecabfbcabhh.exe

ApPs MArket AbC

This is the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application eecabfbcabhh.exe by ApPs MArket AbC has been detected as adware by 18 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. According to AVG, this software downloads additional adware offers during setup. It is also typically executed from the user's temporary directory.
Publisher:
ApPs MArket AbC  (signed and verified)

Version:
2015.44.180.64

MD5:
3a02ed8ad11d80d45081cb010584de19

SHA-1:
e965287c0e1ea52dae9dc1d43f4866dfc81dbff6

SHA-256:
27dc5bf6753cfe4eaefa5a083b738d1752fcb9c3b08f42712e1430616c4a5c90

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/25/2024 6:47:13 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | PUA.OutBrowse | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.04.22 |
| AVG | Downloader | 2016.0.3132 |
| Baidu Antivirus | PUA.Win32.OutBrowse | 4.0.3.15422 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Clam AntiVirus | Win.Trojan.Outbrowse-19 | 0.98/21511 |
| Dr.Web | Trojan.OutBrowse.268 | 9.0.1.0112 |
| ESET NOD32 | Win32/OutBrowse.BX potentially unwanted application | 9.7.0.302.0 |
| Fortinet FortiGate | Riskware/OutBrowse | 4/24/2015 |
| G Data | Win32.Adware.Outbrowse | 15.4.25 |
| herdProtect (fuzzy) | | 2015.7.23.14 |
| IKARUS anti.virus | PUA.OutBrowse | t3scan.1.8.9.0 |
| NANO AntiVirus | Riskware.Win32.OutBrowse.dqfevg | 0.30.20.1219 |
| Reason Heuristics | Threat.Outbrowse.Bundler | 15.4.22.6 |
| Sophos | OutBrowse Revenyou | 4.98 |
| Vba32 AntiVirus | Adware.Outbrowse | 3.12.26.3 |
| VIPRE Antivirus | Threat.4784459 | 39354 |
| Zillya! Antivirus | Trojan.PornoAsset.Win32.22313 | 2.0.0.2147 |

File size:
764 KB (782,376 bytes)

Product version:
2015.44.180.64

Copyright:
Copyright (C) 2015

Original file name:
20154418064.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\eecabfbcabhh.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
4/1/2015 3:00:00 AM

Valid to:
1/28/2016 1:59:59 AM

Subject:
CN=ApPs MArket AbC, O=ApPs MArket AbC, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
4DE9E032C3EEEB01B193F16E6C386D83

File PE Metadata
Compilation timestamp:
4/4/2015 9:00:24 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:aZxrEI+2HiC0lp59Ftx0VdR5wllOaPnq1ZOBzggQbHE4uBOnkDoIb9dwjV2s5/6:afH+2HiC0lp59J0HRuHnq1ZONgxHE2n8

Entry address:
0x7A7CB

Entry point:
E8, 0A, A9, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, F0, 57, 49, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 68, 50, 49, 00, C9, C2, 08, 00, B8, 1F, 5C, 48, 00, A3, 78, 1F, 4B, 00, C7, 05, 7C, 1F, 4B, 00, 15, 53, 48, 00, C7, 05, 80, 1F, 4B, 00, C9, 52, 48, 00, C7, 05, 84, 1F, 4B, 00, 02, 53, 48, 00, C7, 05...
 
Code size:
590.5 KB (604,672 bytes)
