gridinsoft trojan killer 2.2.5.7 full patch keygen_(best4pc.com).rar.exe

SaFe SofTWare SLl

This is the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application gridinsoft trojan killer 2.2.5.7 full patch keygen_(best4pc.com).rar.exe by SaFe SofTWare SLl has been detected as adware by 2 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities, as well as other PUPs.
Publisher:
ZEEMQ  (signed by SaFe SofTWare SLl)

Product:
ZEEMQ

Version:
1886.1564.1350.2351

MD5:
5c40ec143a6ce683b8d43ae6373dfdea

SHA-1:
c4c4f1011118cd3920c2a908f2cca70666d05aff

SHA-256:
550eba49f08d0f779a6206b0b7bc2aaceb05bb61ac03e4f3b5adea257a996c57

Scanner detections:
2 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
11/27/2024 4:56:29 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/OutBrowse.CB potentially unwanted application
7.0.302.0

Reason Heuristics
PUP.Outbrowse.Bundler
15.6.6.6

File size:
633.8 KB (649,048 bytes)

Product version:
1886.1564.1350.2351

Copyright:
ZEEMQ

Trademarks:
ZEEMQ

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\gridinsoft trojan killer 2.2.5.7 full patch keygen_(best4pc.com).rar.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
5/25/2015 9:00:00 PM

Valid to:
1/27/2016 9:59:59 PM

Subject:
CN=SaFe SofTWare SLl, O=SaFe SofTWare SLl, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
59BA06BDD5FE8AD6611178F07F528856

File PE Metadata
Compilation timestamp:
12/5/2009 8:52:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:3oT7gSlpZJ587gdOD0xTVQkaM0L4mCcpzTfc8vy4h7:3aESFJ5c7DaVQXsozA86y

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file gridinsoft trojan killer 2.2.5.7 full patch keygen_(best4pc.com).rar.exe has been seen being distributed by the following URL.