» godzilla.exe
Overview
Analysis
File Details

godzilla.exe

Yes Apps

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The application godzilla.exe by Yes Apps has been detected as adware by 10 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. According to AVG, this software downloads additional adware offers during setup.

File name:

godzilla.exe

Publisher:

Yes Apps (signed and verified)

MD5:

d2b5d370ff828f6e6aec4e938702ce6d

SHA-1:

1b43d108c1dc26eab4f79108b6a42290661e5b9d

SHA-256:

70873550abcb55ca8c8bb290d515acbea2dcf0d6801fd78330e7be1cd64dd455

Scanner detections:

10 / 68

Status:

Adware

Explanation:

Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

1/11/2025 10:03:42 PM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

PUP/Win32.OutBrowse

2014.12.24

Avira AntiVirus

APPL/Outbrowse.Gen

7.11.197.158

AVG

Potentially harmful program Downloader.CVJ

2014.0.4235

ESET NOD32

Win32/OutBrowse.BN potentially unwanted application

7.0.302.0

Fortinet FortiGate

Riskware/OutBrowse

12/23/2014

K7 AntiVirus

Trojan

13.188.14426

Malwarebytes

PUP.Optional.OutBrowse

v2014.12.23.09

Reason Heuristics

PUP.YesApps.I

14.12.23.21

Sophos

Generic PUA IP

4.98

Trend Micro House Call

Suspici.D7386B62

7.2.357

File size:

583.4 KB (597,352 bytes)

File type:

Executable application (Win32 EXE)

Bundler/Installer:

OutBrowse Revenyou (using Nullsoft Install System)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\godzilla.exe

Digital Signature

Signed by:

Yes Apps

Authority:

thawte, Inc.

Valid from:

12/17/2014 5:30:00 AM

Valid to:

12/18/2015 5:29:59 AM

Subject:

CN=Yes Apps, O=Yes Apps, L=Dublin, S=Dublin, C=IE

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

09183CB6D2B76F4BEF1BA013E2A2DBE1

File PE Metadata

Compilation timestamp:

12/6/2009 4:20:52 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:TlsMg7HpTI6YxAmWDpBhKbVbSKzv+R+6da+YjcUyzRRJ1pJl866Ft:TOpJTPYx/axUVbnzw+6dz4LG7l8F

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Entropy:

7.9739

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

Remove godzilla.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.