feapwet.exe

best apP

Part of the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application feapwet.exe by best apP has been detected as adware by 11 anti-malware scanners. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities, and other PUPs.
Publisher:
best apP  (signed and verified)

MD5:
7271a6bdc1bb13d0f88bb9e3e120249c

SHA-1:
af42a5b195209988b401ef1f500d9173a8305793

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
12/25/2024 5:58:34 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | PUP/Win32.CrossRider | 2015.05.31 |
| avast! | Malware-gen | 2014.9-150808 |
| AVG | Generic | 2016.0.3024 |
| Baidu Antivirus | Adware.Win32.OutBrowse | 4.0.3.1588 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Dr.Web | Trojan.OutBrowse.576 | 9.0.1.0220 |
| ESET NOD32 | Win32/Adware.PennyBee (variant) | 9.11767 |
| F-Secure | Application.Generic.1334984 | 11.2015-16-09_4 |
| herdProtect (fuzzy) | | 2015.9.16.5 |
| Reason Heuristics | PUP.Outbrowse.bestapP (M) | 15.8.8.7 |
| Trend Micro House Call | Suspicious_GEN.F47V0517 | 7.2.220 |

File size:
244.8 KB (250,640 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\Application data\adblocker\1.1.0.31\feapwet.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
3/16/2015 9:00:00 AM

Valid to:
12/18/2015 8:59:59 AM

Subject:
CN=best apP, O=best apP, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
5AE07E692681C2D6576B013DAC28684A

File PE Metadata
Compilation timestamp:
5/15/2015 9:24:16 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
6144:VhWp50p9xVijU8PyG0MsHjCDG1t8xHQbTc8vY2lzO8HDvHFAvwMb:VqW9rijZyG0MMR1t+Hqg8vY2ltDvHs

Entry address:
0x194D2

Entry point:
E8, DF, B0, 00, 00, E9, 95, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 4D, 0C, 53, 33, DB, 3B, CB, 76, 1B, 6A, E0, 33, D2, 58, F7, F1, 3B, 45, 10, 73, 0F, E8, C6, 06, 00, 00, C7, 00, 0C, 00, 00, 00, 33, C0, EB, 41, 0F, AF, 4D, 10, 56, 57, 8B, F1, 39, 5D, 08, 74, 0B, FF, 75, 08, E8, F4, 56, 00, 00, 59, 8B, D8, 56, FF, 75, 08, E8, 2A, B1, 00, 00, 8B, F8, 59, 59, 85, FF, 74, 14, 3B, DE, 73, 10, 2B, F3, 56, 6A, 00, 03, DF, 53, E8, 70, BE, FF, FF, 83, C4, 0C, 8B, C7, 5F, 5E, 5B, 5D, C3, 8B, FF, 55, 8B, EC, 83, EC, 10...
 

Entropy:
6.5890

Code size:
174.5 KB (178,688 bytes)
