forge.1.8.11.14.3.1474.installer.exe

The application forge.1.8.11.14.3.1474.installer.exe has been detected as a potentially unwanted program by 20 anti-malware scanners. This is a setup and installation application, however the file is not signed with an authenticode signature from a trusted source. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
MD5:
119a1a0b4edec9064a0d470da4291606

SHA-1:
c83b1be9f7f25d50b8689d88c474ef7f07d548fe

SHA-256:
9acbe84c981d48c52192d42d3ad8e1f0a0b483620dc31f6769b4e28038ead807

Scanner detections:
20 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/6/2024 1:53:36 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.OutBrowse.J
377

Agnitum Outpost
PUA.OutBrowse
7.1.1

Avira AntiVirus
PUA/Outbrowse.Gen
8.3.2.2

Arcabit
Application.OutBrowse.J
1.0.0.425

avast!
NSIS:OutBrowse-BN [PUP]
2014.9-160124

Baidu Antivirus
PUA.Win32.Amonetize
4.0.3.16124

Bitdefender
Application.OutBrowse.J
1.0.20.120

Bkav FE
HW32.Packed
1.3.0.7133

Dr.Web
Trojan.Siggen6.33552
9.0.1.024

ESET NOD32
Win32/OutBrowse potentially unwanted
10.12151

F-Secure
Application.OutBrowse.J
11.2016-24-01_1

G Data
Application.OutBrowse
16.1.25

Kaspersky
not-a-virus:AdWare.Win32.OutBrowse
14.0.0.768

MicroWorld eScan
Application.OutBrowse.J
17.0.0.72

NANO AntiVirus
Trojan.Win32.DownLoad3.dqapeg
0.30.24.3079

Panda Antivirus
Trj/CI.A
16.01.24.11

Quick Heal
AdWare.OutBrowse.r5 (Not a Virus)
1.16.14.00

Reason Heuristics
PUP.OutBrowse (M)
16.1.24.11

Sophos
Generic PUA MI (PUA)
4.98

Vba32 AntiVirus
Adware.Outbrowse
3.12.26.4

File size:
1.5 MB (1,576,811 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\forge.1.8.11.14.3.1474.installer.exe

File PE Metadata
Compilation timestamp:
1/31/2011 9:44:13 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:XQ9or8FYC2bVE9rXTDqNDLAKUayhuJhn/ZpHh3aKvchHEBEb/tYLnHqELXUuv4:XQ0qY3+nqNHVbnPJVvcmBE/uLKgPv4

Entry address:
0x1D20

Entry point:
55, 8B, EC, 6A, FF, 68, 28, 21, 40, 00, 68, A0, 1E, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 88, 20, 40, 00, 59, 83, 0D, 54, 35, 40, 00, FF, 83, 0D, 58, 35, 40, 00, FF, FF, 15, 84, 20, 40, 00, 8B, 0D, CC, 32, 40, 00, 89, 08, FF, 15, 80, 20, 40, 00, 8B, 0D, C8, 32, 40, 00, 89, 08, A1, 7C, 20, 40, 00, 8B, 00, A3, 5C, 35, 40, 00, E8, 10, 01, 00, 00, 39, 1D, BC, 32, 40, 00, 75, 0C, 68, 9C, 1E, 40, 00, FF, 15, 78, 20...
 
[+]

Entropy:
7.8121

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
4 KB (4,096 bytes)

The file forge.1.8.11.14.3.1474.installer.exe has been seen being distributed by the following URL.

Remove forge.1.8.11.14.3.1474.installer.exe - Powered by Reason Core Security