epubreader_setup.exe

Rspark LLC

This is the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application epubreader_setup.exe by Rspark has been detected as adware by 10 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, and PC utilities, as well as other PUPs.
Publisher:
Rspark LLC  (signed and verified)

MD5:
79e616d9bf742fed96f2f2d8f26d0cb7

SHA-1:
4a55730528d4c30923e219e9b62693b5331bd904

SHA-256:
1799d0aaa9084ca93c5a680eee9d4c5900d68794b90ab8e3f7e4ee848e12dda4

Scanner detections:
10 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is also known as bundleware, or downloadware, which is a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/15/2024 2:04:51 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | PUA.OutBrowse | 7.1.1 |
| Avira AntiVirus | APPL/Downloader.Gen | 7.11.162.212 |
| ESET NOD32 | Win32/OutBrowse.AA | 8.10120 |
| McAfee | Adware-OutBrowse | 5600.7065 |
| NANO AntiVirus | Trojan.Win32.Generic.dbxkzp | 0.28.2.60881 |
| Qihoo 360 Security | HEUR/Malware.QVM06.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Installer.Rspark.Q | 14.7.19.8 |
| Sophos | Generic PUA EK | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0712 | 7.2.200 |
| VIPRE Antivirus | OutBrowse | 31392 |

File size:
978.2 KB (1,001,696 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\epubreader_setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/12/2014 11:00:00 AM

Valid to:
2/13/2015 10:59:59 AM

Subject:
CN=Rspark LLC, O=Rspark LLC, STREET="2929 1st ave #405", L=Seattle, S=Washington, PostalCode=98121, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E4DA7826149424E5DF9F3646FF2E80B9

File PE Metadata
Compilation timestamp:
12/6/2009 9:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:WUdrbeBKqYy2hL0rrm+sk8YpG00CBzqwpWxra+9:9rbeJYyEWr998Yp3NBuwpWxh

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9252

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file epubreader_setup.exe has been seen being distributed by the following URL.
