file.exe

DiRecT DoWnloaD GtT

This is the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application file.exe by DiRecT DoWnloaD GtT has been detected as adware by 20 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities and other PUPs.
Publisher:
DiRecT DoWnloaD GtT  (signed and verified)

MD5:
663df2c4cc16b08c0ca6bb08e309e43f

SHA-1:
c3a376bfca3586c14d80631311fb7c18075a1e8c

SHA-256:
2420d8c672aad6d8c3afc95345e5600951a66466c82489e329a586fce21fba6e

Scanner detections:
20 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/15/2024 8:03:09 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.04.25 |
| Avira AntiVirus | PUA/Outbrowse.Gen | 3.6.1.96 |
| avast! | Adware-gen [Adw] | 150319-1 |
| AVG | Win.Threat.Medium | 2014.0.4311 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Comodo Security | Application.Win32.AltBrowse.HY | 21882 |
| Dr.Web | Trojan.OutBrowse.381 | 9.0.1.05190 |
| ESET NOD32 | Win32/OutBrowse.BU potentially unwanted | 9.11529 |
| Fortinet FortiGate | Riskware/OutBrowse | 4/24/2015 |
| G Data | NSIS.Application.OutBrowse.AC | 15.4.25 |
| Kaspersky | not-a-virus:AdWare.Win32.OutBrowse | 15.0.0.543 |
| Malwarebytes | PUP.Optional.OutBrowse | v2015.04.24.09 |
| McAfee | Program.Adware-OutBrowse.e | 16.8.708.2 |
| NANO AntiVirus | Trojan.Nsis.OutBrowse.dpzbjn | 0.30.20.1219 |
| Quick Heal | Adware.NSIS.OutBrowse.A | 4.15.14.00 |
| Reason Heuristics | Threat.Outbrowse.Bundler | 15.4.24.16 |
| Total Defense | Win32/Tnega.LHJFNdD | 37.1.62.1 |
| Trend Micro House Call | Suspici.1E2C92BF | 7.2.114 |
| Vba32 AntiVirus | Adware.Outbrowse | 3.12.26.3 |
| VIPRE Antivirus | Threat.5085447 | 39354 |

File size:
597.3 KB (611,680 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\file.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
3/23/2015 1:00:00 AM

Valid to:
1/28/2016 12:59:59 AM

Subject:
CN=DiRecT DoWnloaD GtT, O=DiRecT DoWnloaD GtT, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
6550B24C3B7391E6BEA3893AE924F32A

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:fNsqqXM/J3WHOtzx0thPuclKDIrr85yEDn7bLhbcprQs:fNLEkM9uclKcroyETXLhbU

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
