hack 100% 2014.exe

The application hack 100% 2014.exe has been detected as a potentially unwanted program by 21 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs. The file has been seen being downloaded from download1635.mediafire.com and multiple other hosts.
MD5:
4a977677c60d1398f54a1863a759c9ab

SHA-1:
6c51b173023afb7496fc4b34c8bf5aec71e02bb1

SHA-256:
013a5f22a8b9359326c51fea129ba60cacf010690a1ca1b6350e8c8afb3dc8bd

Scanner detections:
21 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
12/25/2024 1:21:05 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.OutBrowse
7.1.1

AVG
MalSign.OutBrowse
2015.0.3524

Baidu Antivirus
HackTool.Win32.OutBrowse
4.0.3.14325

Comodo Security
Application.Win32.OutBrowse.~A
17989

Dr.Web
Adware.Downware.1770
9.0.1.084

ESET NOD32
Win32/OutBrowse (variant)
8.9590

Fortinet FortiGate
Riskware/NSIS_OutBrowse
3/25/2014

G Data
Win32.Application.OutBrowse
14.3.24

IKARUS anti.virus
not-a-virus:Downloader.NSIS
t3scan.2.2.29

K7 AntiVirus
Unwanted-Program
13.176.11554

Kaspersky
not-a-virus:Downloader.NSIS.OutBrowse
14.0.0.4116

Malwarebytes
PUP.Optional.OutBrowse
v2014.03.25.05

McAfee
RDN/Generic PUP.x!btt
5600.7180

NANO AntiVirus
Trojan.Win32.OutBrowse.csrlza
0.28.0.58720

Qihoo 360 Security
Win32/Virus.Downloader.ad6
1.0.0.1015

Quick Heal
Trojan.NSIS.OutBrowse.b
3.14.12.00

Sophos
OutBrowse
4.98

Trend Micro House Call
TROJ_GEN.R0CBC0PCO14
7.2.84

Trend Micro
TROJ_GEN.R0CBC0PCO14
10.465.25

Vba32 AntiVirus
Downloader.OutBrowse
3.12.24.3

VIPRE Antivirus
OutBrowse
27728

File size:
616 KB (630,760 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\hack 100% 2014.exe

File PE Metadata
Compilation timestamp:
12/6/2009 12:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:TGFyhCfsMntd1zdwVWyK1EzotWlj+kzVX0xp+lHTNo5uLMxHeXAkepYsq43:TGyhCfsMtpwof1EzotWln3M6VXopa43

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9789

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file hack 100% 2014.exe has been seen being distributed by the following 3 URLs.

http://download1635.mediafire.com/dfff5ahloo9g/.../Hack 100% 2014.exe

Remove hack 100% 2014.exe - Powered by Reason Core Security