efcabfiegg.exe

TIKi TAka

Part of the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and may be installed without the user's consent. The application efcabfiegg.exe by TIKi TAka has been detected as adware by 16 of 68 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup. It is also typically executed from the user's temporary directory.
Publisher:
TIKi TAka  (signed and verified)

Version:
2015.45.120.64

MD5:
9ba193a3c4d4d58a7306c05ab7921bc2

SHA-1:
a7ef49a2890074bc0224c68ef89c615776258f72

SHA-256:
b2902aa293113a0a3decabc69aa4b83d357b4b45ab26f8b20e0ceca2125fbdb2

Scanner detections:
16 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
12/24/2024 4:38:38 PM UTC

Scan engine: Detection (engine version)

Agnitum Outpost: PUA.OutBrowse (7.1.1)
AhnLab V3 Security: PUP/Win32.OutBrowse (2015.04.22)
AVG: Downloader (2016.0.3135)
Bkav FE: W32.HfsAdware (1.3.0.6379)
Dr.Web: Trojan.OutBrowse.268 (9.0.1.0109)
ESET NOD32: Win32/OutBrowse.BX potentially unwanted application (9.7.0.302.0)
Fortinet FortiGate: Riskware/OutBrowse (4/19/2015)
G Data: Win32.Adware.Outbrowse (15.4.25)
herdProtect (fuzzy): detection name not listed (2015.7.20.19)
McAfee: Artemis!9BA193A3C4D4 (5600.6791)
NANO AntiVirus: Riskware.Win32.OutBrowse.dqfevg (0.30.20.1219)
Qihoo 360 Security: HEUR/QVM10.1.Malware.Gen (1.0.0.1015)
Reason Heuristics: Threat.Outbrowse.TIKiTAka (15.4.19.3)
Trend Micro House Call: Suspicious_GEN.F47V0407 (7.2.109)
VIPRE Antivirus: Threat.4784459 (39354)
Zillya! Antivirus: Trojan.PornoAsset.Win32.22313 (2.0.0.2147)

File size:
764 KB (782,360 bytes)

Product version:
2015.45.120.64

Copyright:
Copyright (C) 2015

Original file name:
20154512064.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\efcabfiegg.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
4/4/2015 5:00:00 PM

Valid to:
12/17/2015 3:59:59 PM

Subject:
CN=TIKi TAka, O=TIKi TAka, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
019BFE59D518B496853B322D17936B33

File PE Metadata
Compilation timestamp:
4/5/2015 5:00:26 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:ZZxrEI+2HiC0lp59Ftx0VdR5wllOaPnq1ZOBzggQbHE4uBOnkDoIb9dwjVms5//E:ZfH+2HiC0lp59J0HRuHnq1ZONgxHE2nG

Entry address:
0x7A7CB

Entry point:
E8, 0A, A9, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, F0, 57, 49, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 68, 50, 49, 00, C9, C2, 08, 00, B8, 1F, 5C, 48, 00, A3, 78, 1F, 4B, 00, C7, 05, 7C, 1F, 4B, 00, 15, 53, 48, 00, C7, 05, 80, 1F, 4B, 00, C9, 52, 48, 00, C7, 05, 84, 1F, 4B, 00, 02, 53, 48, 00, C7, 05...

Entropy:
6.6124

Code size:
590.5 KB (604,672 bytes)
