exe

StArt playinG

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The file exe by StArt playinG has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the OutBrowse Revenyou installer.
Publisher:
KWGOM  (signed by StArt playinG)

Product:
KWGOM

Version:
1843.15612.800.3113

MD5:
2c1e1a9ef983bd46f1aecb1c777f52fe

SHA-1:
70fbabdfe3fbd26b2a11966bddf19bbacad941e6

SHA-256:
342631e8e0c2a44e26824c258ff3c4f5c1fb69cccfeb70da24ed8e2457f581ba

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
12/24/2024 5:09:41 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Outbrowse (M)
16.11.4.16

File size:
726.8 KB (744,240 bytes)

Product version:
1843.15612.800.3113

Copyright:
KWGOM

Trademarks:
KWGOM

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
6/11/2015 2:00:00 AM

Valid to:
12/12/2015 12:59:59 AM

Subject:
CN=StArt playinG, O=StArt playinG, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
0D7DCF7125106F9259746AE84F8487C7

File PE Metadata
Compilation timestamp:
12/5/2009 11:52:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:iz0FqhpeRHyjWjD9fjllWDlIitICvnszLli3ttizJjlSOyGpLp7TDQooD5fc8vy2:iz0FZSWp6tJsnli9gCGppk4862

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

Remove exe - Powered by Reason Core Security