fifa 15 (r) hack v2.4.exe

The application fifa 15 (r) hack v2.4.exe has been detected as a potentially unwanted program by 21 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, and PC utilities, as well as other PUPs. The file has been seen being downloaded from download1845.mediafire.com.
MD5:
9798115905fbd68d20272e2aae911cf1

SHA-1:
0bf01c05f3b3b5d8adfacab522d91fc49a5171a6

SHA-256:
d88d9d94ce4c4842bcc830c0fed9d5423a29112c2bfb0adf75da0d4c2156714e

Scanner detections:
21 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/27/2024 7:31:35 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.OutBrowse | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.OutBrowse | 2014.11.07 |
| Avira AntiVirus | APPL/Downloader.Gen | 7.11.183.128 |
| avast! | NSIS:OutBrowse-D [PUP] | 2014.9-160318 |
| Baidu Antivirus | PUA.Win32.OutBrowse | 4.0.3.16318 |
| Dr.Web | Trojan.Packed.29078 | 9.0.1.078 |
| ESET NOD32 | Win32/OutBrowse.AJ (variant) | 10.10681 |
| K7 AntiVirus | Trojan | 13.185.13930 |
| Kaspersky | not-a-virus:AdWare.Win32.OutBrowse | 14.0.0.496 |
| Malwarebytes | PUP.Optional.OutBrowse | v2016.03.18.08 |
| McAfee | Artemis!9798115905FB | 5600.6456 |
| NANO AntiVirus | Trojan.Win32.OutBrowse.deinil | 0.28.6.62995 |
| nProtect | Trojan-Clicker/W32.OutBrowse.726923 | 14.11.06.01 |
| Qihoo 360 Security | HEUR/Malware.QVM06.Gen | 1.0.0.1015 |
| Quick Heal | AdWare.OutBrowse.r5 (Not a Virus) | 3.16.14.00 |
| Reason Heuristics | PUP.OutBrowse (M) | 16.3.18.20 |
| Sophos | Generic PUA AL | 4.98 |
| Trend Micro House Call | TROJ_GEN.R08NC0OJD14 | 7.2.78 |
| Trend Micro | TROJ_GEN.R08NC0OJD14 | 10.465.18 |
| Vba32 AntiVirus | AdWare.OutBrowse | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 34560 |

File size:
709.9 KB (726,923 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\fifa 15 (r) hack v2.4.exe

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:rLzm4Ry75XB/qc8iX9UEkUaM1iAq1uY4trfap+g9TCXdBNmi6LxV2m/h5hp8XLd:rLa48b/qczqEVf1idYY4t7+vVCtBNlu4

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9474

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file fifa 15 (r) hack v2.4.exe has been seen being distributed by the following URL.
