f_00bca9

The file f_00bca9 has been detected as a potentially unwanted program by 26 anti-malware scanners. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs. The file has been seen being downloaded from download1394.mediafire.com and multiple other hosts.
MD5:
7b042f1be914dd7226e152e32a08417f

SHA-1:
3ae6ca20b49b2452b96db194e10426ad9d4cac6e

SHA-256:
a01d90c0d297d03761e2d4205676fec212ca81fc42b2cc23ad18e2773118b1df

Scanner detections:
26 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
12/25/2024 6:32:33 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.OutBrowse.J
506

Agnitum Outpost
PUA.OutBrowse
7.1.1

AhnLab V3 Security
ASD.Reputation
2015.09.17

Avira AntiVirus
PUA/Outbrowse.Gen
8.3.2.2

Arcabit
Application.OutBrowse.J
1.0.0.541

avast!
NSIS:OutBrowse-BN [PUP]
2014.9-150916

AVG
MultiDropper_c
2016.0.2984

Baidu Antivirus
Trojan.Win32.Adload
4.0.3.15916

Bitdefender
Application.OutBrowse.J
1.0.20.1295

Bkav FE
HW32.Packed
1.3.0.7237

Dr.Web
Trojan.Siggen6.33552
9.0.1.0259

ESET NOD32
Win32/OutBrowse potentially unwanted
9.12263

F-Secure
Application.OutBrowse.J
11.2015-16-09_4

G Data
Application.OutBrowse
15.9.25

IKARUS anti.virus
Trojan-Downloader.Win32.Adload
t3scan.1.9.5.0

K7 AntiVirus
Adware
13.210.17236

Kaspersky
not-a-virus:AdWare.Win32.OutBrowse
14.0.0.1416

McAfee
Artemis!7B042F1BE914
5600.6640

MicroWorld eScan
Application.OutBrowse.J
16.0.0.777

NANO AntiVirus
Trojan.Win32.DownLoad3.dqapeg
0.30.24.3283

Panda Antivirus
Generic Suspicious
15.09.16.06

Qihoo 360 Security
HEUR/QVM41.2.Malware.Gen
1.0.0.1015

Quick Heal
AdWare.OutBrowse.r5 (Not a Virus)
9.15.14.00

Sophos
Generic PUA DK (PUA)
4.98

Vba32 AntiVirus
Adware.Outbrowse
3.12.26.4

VIPRE Antivirus
OutBrowse
43804

File size:
1.5 MB (1,611,020 bytes)

Common path:
C:\users\{user}\appdata\local\google\chrome\user data\default\cache\f_00bca9

File PE Metadata
Compilation timestamp:
1/31/2011 5:44:13 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:iQ1I+nqNHVbnPJ659YTi4WVfdc9KVIBUA:iQ1fnqNHVLUjj4MfSQI2A

Entry address:
0x1D20

Entry point:
55, 8B, EC, 6A, FF, 68, 28, 21, 40, 00, 68, A0, 1E, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 88, 20, 40, 00, 59, 83, 0D, 54, 35, 40, 00, FF, 83, 0D, 58, 35, 40, 00, FF, FF, 15, 84, 20, 40, 00, 8B, 0D, CC, 32, 40, 00, 89, 08, FF, 15, 80, 20, 40, 00, 8B, 0D, C8, 32, 40, 00, 89, 08, A1, 7C, 20, 40, 00, 8B, 00, A3, 5C, 35, 40, 00, E8, 10, 01, 00, 00, 39, 1D, BC, 32, 40, 00, 75, 0C, 68, 9C, 1E, 40, 00, FF, 15, 78, 20...
 
[+]

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
4 KB (4,096 bytes)

The file f_00bca9 has been seen being distributed by the following 2 URLs.

Remove f_00bca9 - Powered by Reason Core Security