f_000fb6

The file f_000fb6 has been detected as a potentially unwanted program by 16 anti-malware scanners. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities, and other PUPs. The file has been seen being downloaded from odindownload.com.
MD5:
8f4bfc2bc2352513f1a6cd47583710b0

SHA-1:
579e55155c19d576c44f8d75d83f7ea892c2ef0f

SHA-256:
dd6e68356bca71337573b02f03a4de72690fa203a71d0ccf83b894dcd1c8e22a

Scanner detections:
16 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
2/25/2025 2:05:30 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Malware-gen | 2014.9-150413 |
| AVG | OutBrowse | 2016.0.3141 |
| Baidu Antivirus | PUA.Win32.OutBrowse | 4.0.3.15413 |
| Dr.Web | Trojan.OutBrowse.273 | 9.0.1.0103 |
| ESET NOD32 | Win32/OutBrowse.BU potentially unwanted | 9.11450 |
| Fortinet FortiGate | Riskware/OutBrowse | 4/13/2015 |
| G Data | NSIS.Application.OutBrowse.AC | 15.4.25 |
| K7 AntiVirus | Adware | 13.202.15544 |
| McAfee | Artemis!8F4BFC2BC235 | 5600.6797 |
| NANO AntiVirus | Trojan.Win32.OutBrowse.dpuxby | 0.30.10.952 |
| Qihoo 360 Security | HEUR/QVM30.1.Malware.Gen | 1.0.0.1015 |
| Quick Heal | Adware.NSIS.OutBrowse.A | 4.15.14.00 |
| Sophos | Generic PUA HC | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0330 | 7.2.103 |
| Vba32 AntiVirus | Adware.Outbrowse | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 39198 |

File size:
917.2 KB (939,182 bytes)

Common path:
C:\users\{user}\appdata\local\google\chrome\user data\profile 2\cache\f_000fb6

File PE Metadata
Compilation timestamp:
6/9/2012 3:19:49 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:w2O/GlJr1HFhRW0gyhxHlP6kiJ9j1czslNnl+Dk:TLRW0geN6kiJ9jaslNn7

Entry address:
0xAC87

Entry point:
E8, E3, FE, FF, FF, 33, C0, 50, 50, 50, 50, E8, 9F, 30, 00, 00, C3, 56, 57, 8B, 7C, 24, 0C, 8B, F1, 8B, CF, 89, 3E, E8, 8F, AB, FF, FF, 89, 46, 08, 89, 56, 0C, 8B, 87, 24, 0C, 00, 00, 89, 46, 10, 5F, 8B, C6, 5E, C2, 04, 00, 8B, C1, 8B, 08, 8B, 50, 10, 3B, 91, 24, 0C, 00, 00, 75, 0D, 6A, 00, FF, 70, 0C, FF, 70, 08, E8, 0E, B1, FF, FF, C3, 56, 8B, F1, 8B, 06, 85, C0, 74, 07, 50, FF, 15, C4, 40, 41, 00, 83, 26, 00, 83, 66, 08, 00, 83, 66, 0C, 00, 5E, C3, 56, 8B, F1, 80, 7E, 04, 00, 75, 34, 68, F4, 44, 41, 00...
 

Code size:
73 KB (74,752 bytes)

The file f_000fb6 has been seen being distributed by the following URL.
