home

fast-downloader.exe

The application fast-downloader.exe has been detected as a potentially unwanted program by 21 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs. The file has been seen being downloaded from smart4pc.info.
MD5:
4432cffec94377fa27d94455231fd06d

SHA-1:
7a6e1b888b8d31e6997bd53eddbed439d64bd436

SHA-256:
03622413ecd6596770706fb95d98ca5c73c52445dba8ccef02d4e824dcd2de5d

Scanner detections:
21 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/27/2024 8:52:32 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.OutBrowse
7.1.1

AhnLab V3 Security
PUP/Win32.OutBrowse
2014.11.05

Avira AntiVirus
APPL/Downloader.Gen
7.11.183.8

avast!
NSIS:OutBrowse-D [PUP]
2014.9-141105

Baidu Antivirus
PUA.Win32.OutBrowse
4.0.3.14115

Dr.Web
Trojan.Packed.28662
9.0.1.0309

ESET NOD32
Win32/OutBrowse.AJ (variant)
8.10669

Fortinet FortiGate
Adware/OutBrowse
11/5/2014

K7 AntiVirus
Trojan
13.185.13888

Kaspersky
not-a-virus:AdWare.Win32.OutBrowse
14.0.0.2992

Malwarebytes
PUP.Optional.OutBrowse
v2014.11.05.03

McAfee
Artemis!4432CFFEC943
5600.6955

NANO AntiVirus
Trojan.Win32.OutBrowse.deinil
0.28.6.62995

nProtect
Trojan-Clicker/W32.OutBrowse.726922
14.11.04.01

Qihoo 360 Security
HEUR/QVM42.0.Malware.Gen
1.0.0.1015

Quick Heal
AdWare.OutBrowse.r5 (Not a Virus)
11.14.14.00

Rising Antivirus
PE:Trojan.Win32.Generic.17613B43!392248131
23.00.65.141103

Sophos
Generic PUA HK
4.98

Trend Micro
TROJ_GEN.R021C0PJK14
10.465.05

Vba32 AntiVirus
AdWare.OutBrowse
3.12.26.3

VIPRE Antivirus
Trojan.Win32.Generic
34504

File size:
709.9 KB (726,922 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\fast-downloader.exe

File PE Metadata
Compilation timestamp:
12/6/2009 12:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:jfm4Ry75XB/qc8iX9UEkUaM1iAq1uY4trfap+g9TCXdBNmi6LxV2m/h5hp8XL+:je48b/qczqEVf1idYY4t7+vVCtBNluqy

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file fast-downloader.exe has been seen being distributed by the following URL.

http://smart4pc.info/fast-downloader.exe

Remove fast-downloader.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.