file.exe

DaiLy AppS fOrfOr

The application file.exe by DaiLy AppS fOrfOr has been detected as adware by 10 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs. It is also typically executed from the user's temporary directory.
Publisher:
DaiLy AppS fOrfOr  (signed and verified)

MD5:
e1ef6f2688de079042631fc1904870da

SHA-1:
7e616a19f4863ba6745e37de1d2c23c10608c2d0

SHA-256:
c676bd265a7044e5f661ef7be48ea16632a1430cce57c83fdfa97c431c54670c

Scanner detections:
10 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/27/2024 2:33:44 AM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.OutBrowse
2015.03.26

Avira AntiVirus
PUA/Outbrowse.Gen
3.6.1.96

Comodo Security
Application.Win32.AltBrowse.HY
21540

Dr.Web
infected with Trojan.OutBrowse.190
9.0.1.05190

ESET NOD32
Win32/OutBrowse.BU potentially unwanted application
7.0.302.0

G Data
NSIS.Application.OutBrowse.AC
15.3.25

Malwarebytes
PUP.Optional.OutBrowse
v2015.03.26.02

McAfee
Adware-OutBrowse.e
5600.6815

Quick Heal
Adware.NSIS.OutBrowse.A
3.15.14.00

Reason Heuristics
PUP.Installer.DaiLyAppSfOrfOr
15.3.26.2

File size:
597.3 KB (611,672 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\file.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
3/23/2015 11:00:00 AM

Valid to:
1/28/2016 10:59:59 AM

Subject:
CN=DaiLy AppS fOrfOr, O=DaiLy AppS fOrfOr, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
07287FBE69E60C7CEE7918973B8AD4E4

File PE Metadata
Compilation timestamp:
12/6/2009 9:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:CbsqqXM/J3WHOtzx0thPuclKDIrr85yEu2AvNOKmfB:CbLEkM9uclKcroyEOvNM

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

Remove file.exe - Powered by Reason Core Security