feapwet64.exe

best apP

Part of the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application feapwet64.exe by best apP has been detected as adware by 9 anti-malware scanners. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, and PC utilities, as well as other PUPs.
Publisher:
best apP  (signed and verified)

MD5:
ec27ae0fd1557cddf1186d2a146f2563

SHA-1:
f1e9bba66c408cc2843e794ed0325cd7e92a62b2

Scanner detections:
9 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
12/25/2024 5:18:40 AM UTC

Scan engine | Detection | Engine version
avast! | Win64:Malware-gen | 2014.9-150808
AVG | Generic | 2016.0.3024
Baidu Antivirus | Adware.Win32.OutBrowse | 4.0.3.1588
Dr.Web | Trojan.OutBrowse.576 | 9.0.1.0220
herdProtect (fuzzy) | | 2015.9.16.5
McAfee | Artemis!EC27AE0FD155 | 5600.6680
Qihoo 360 Security | Win32/Trojan.ae7 | 1.0.0.1015
Reason Heuristics | PUP.Outbrowse.bestapP (M) | 15.8.8.7
Trend Micro House Call | Suspicious_GEN.F47V0517 | 7.2.220

File size:
301.8 KB (309,008 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\Documents and Settings\{user}\Application data\adblocker\1.1.0.31\feapwet64.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
3/16/2015 9:00:00 AM

Valid to:
12/18/2015 8:59:59 AM

Subject:
CN=best apP, O=best apP, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
5AE07E692681C2D6576B013DAC28684A

File PE Metadata
Compilation timestamp:
5/15/2015 9:26:03 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
6144:+mp//rwJSi4Y3pe/8VEtxYBpdNGTwkAU4cjp+R413Kcf4GBi:t/rwJ5H3SLYdUaR413Tzs

Entry address:
0x1D8A0

Entry point:
48, 83, EC, 28, E8, DB, C3, 00, 00, 48, 83, C4, 28, E9, 76, FE, FF, FF, CC, CC, 48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 33, FF, 48, 8B, DA, 48, 8B, F1, 48, 85, D2, 74, 1D, 33, D2, 48, 8D, 47, E0, 48, F7, F3, 49, 3B, C0, 73, 0F, E8, E1, 08, 00, 00, C7, 00, 0C, 00, 00, 00, 33, C0, EB, 3D, 49, 0F, AF, D8, 48, 85, C9, 74, 08, E8, 29, 5E, 00, 00, 48, 8B, F8, 48, 8B, D3, 48, 8B, CE, E8, 2F, C4, 00, 00, 48, 8B, F0, 48, 85, C0, 74, 16, 48, 3B, FB, 73, 11, 48, 2B, DF, 48, 8D, 0C, 07, 33, D2, 4C...
Entropy:
6.4054

Code size:
201.5 KB (206,336 bytes)
