ferrarif12berlinetta.exe

Setup

DIrect download gtt

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The application ferrarif12berlinetta.exe by DIrect download gtt has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the OutBrowse Revenyou installer.
Publisher:
DIrect download gtt  (signed and verified)

Product:
Setup

Version:
1.9.3.0

MD5:
3708e3c55c37f687dc6dda440a4bd55c

SHA-1:
5b98021c52d58ac320b522d337755e1df1b6de3b

SHA-256:
f784fb45023bbf7145f33f9b0afdb7f3c681a427d3a46745639823be384d5ad0

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/28/2024 4:08:17 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Outbrowse (M)
16.11.11.15

File size:
1.1 MB (1,146,720 bytes)

Product version:
1.9.3.0

Copyright:
Setup

Original file name:
Ionic.Zip-2015Mar04-165736-6c9f3df1-57bc-4940-9f8b-dc3fc4471d5b.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\programs\thema\ferrarif12berlinetta.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
3/1/2015 7:00:00 AM

Valid to:
1/28/2016 6:59:59 AM

Subject:
CN=DIrect download gtt, O=DIrect download gtt, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
0D62FBB580795F94946063DA41407834

File PE Metadata
Compilation timestamp:
3/4/2015 11:57:37 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:nbSaE4mvt/PlbbRzZ5YVNFMFDcKS+bB3cPZPK98XfGohl0:nbSv4mvhl76VN+mKSMQFPGm0

Entry address:
0x75F3E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.5750

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
464 KB (475,136 bytes)

Remove ferrarif12berlinetta.exe - Powered by Reason Core Security