filehost_nvidia e5 counter-strike.exe

The application filehost_nvidia e5 counter-strike.exe has been detected as a potentially unwanted program by 20 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, and PC utilities, as well as other PUPs. The file has been seen being downloaded from dl.girlshare.ro.
MD5:
6544bd63ddd43e346c0413a2e1b05306

SHA-1:
1b10297f0bce6036899e0973a6def2d896c8c0c6

SHA-256:
9480ed5a09487bcb7b5642940a8a171314463dd2857752549a6628e178c089dc

Scanner detections:
20 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/24/2024 5:08:42 AM UTC

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.OutBrowse
7.1.1

avast!
Win32:Malware-gen
2014.9-140820

AVG
MalSign.OutBrowse
2015.0.3376

Baidu Antivirus
HackTool.Win32.OutBrowse
4.0.3.14820

Comodo Security
Application.Win32.OutBrowse.~A
17773

Dr.Web
Adware.Downware.1770
9.0.1.0232

ESET NOD32
Win32/OutBrowse (variant)
8.9414

Fortinet FortiGate
Riskware/NSIS_OutBrowse
8/20/2014

G Data
Win32.Trojan.Agent.IMV6L0
14.8.24

IKARUS anti.virus
not-a-virus:Downloader.NSIS
t3scan.2.2.29

K7 AntiVirus
Unwanted-Program
13.175.11150

Kaspersky
not-a-virus:Downloader.NSIS.OutBrowse
14.0.0.3377

Malwarebytes
PUP.Optional.OutBrowse
v2014.08.20.12

McAfee
Artemis!6544BD63DDD4
5600.7032

NANO AntiVirus
Trojan.Win32.OutBrowse.csrlza
0.28.0.57630

Qihoo 360 Security
HEUR/Malware.QVM06.Gen
1.0.0.1015

Sophos
OutBrowse
4.97

Trend Micro House Call
TROJ_GEN.R047H07BB14
7.2.232

Vba32 AntiVirus
Downloader.OutBrowse
3.12.24.3

VIPRE Antivirus
OutBrowse
26394

File size:
616 KB (630,761 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\filehost_nvidia e5 counter-strike.exe

File PE Metadata
Compilation timestamp:
12/5/2009 10:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:ZTFyhCfsMntd1zdwVWyK1EzotWlj+kzVX0xp+lHTNo5uLMxHeXAkepYsq49:ZRyhCfsMtpwof1EzotWln3M6VXopa49

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file filehost_nvidia e5 counter-strike.exe has been seen being distributed by the following URL.
