google_talk.exe

rUn appS foreVer LLd

This is the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application google_talk.exe by rUn appS foreVer LLd has been detected as adware by 9 anti-malware scanners. The program is a setup application built on the OutBrowse Revenyou installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities and other PUPs.
Publisher:
rUn appS foreVer LLd (signed and verified)

MD5:
2fe06f37ef744a29dbae6179d62257bd

SHA-1:
da612affc6210cd467202159725411bdd85e1fee

SHA-256:
4e59485d446fc8bdf0d9b4c1f4dfdcf4b9f266a7fd865d09fd90ac125c74dc83

Scanner detections:
9 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is an installer which may bundle legitimate applications with offers for additional third-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
11/2/2024 3:36:14 PM UTC

Scan engine          Detection                                            Engine version
AhnLab V3 Security   PUP/Win32.OutBrowse                                  2015.04.09
Dr.Web               Trojan.OutBrowse.296                                 9.0.1.098
ESET NOD32           Win32/OutBrowse.BU potentially unwanted application  7.0.302.0
F-Prot               W32/Outbrowse.B2.gen                                 v6.4.7.1.166
K7 AntiVirus         Adware                                               13.202.15527
McAfee               Adware-OutBrowse.e                                   5600.6801
NANO AntiVirus       Trojan.Win32.OutBrowse.dqewlt                        0.30.10.952
Quick Heal           Adware.NSIS.OutBrowse.A                              4.15.14.00
Reason Heuristics    PUP.Bundler.Outbrowse                                15.4.8.12

File size:
576.5 KB (590,296 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\google_talk.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
3/25/2015 8:00:00 PM

Valid to:
1/27/2016 6:59:59 PM

Subject:
CN=rUn appS foreVer LLd, O=rUn appS foreVer LLd, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
6C1EE53C416E683728B3595FD28482FC

File PE Metadata
Compilation timestamp:
12/5/2009 5:52:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:JQAkgM2ov5M7eOzLLtCN1M5N35gC+Ra9rEavAI6wFnxLdkbdjz:JQAk0oBMH7tCNmNio9waRhnIdj

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.9427

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file google_talk.exe has been seen being distributed by the following URL.

Remove google_talk.exe - Powered by Reason Core Security