hack 2014.exe

The application hack 2014.exe has been detected as a potentially unwanted program by 14 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs. The file has been seen being downloaded from download1060.mediafire.com.
MD5:
88ca4799c8a98785c0cdeb2b1f29dfd4

SHA-1:
f680f56f269fa1f8343ee2647aeac6128046eb42

SHA-256:
dc85727896923fc137c614fd941a9f0801c3283d7a6dd64a9a2af711dbdee6c3

Scanner detections:
14 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
12/26/2024 4:37:39 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Dropped:Trojan.Generic.11672330
837

Agnitum Outpost
PUA.OutBrowse
7.1.1

AhnLab V3 Security
PUP/Win32.OutBrowse
2014.09.21

Avira AntiVirus
APPL/Downloader.Gen
7.11.173.134

avast!
Win32:Malware-gen
2014.9-141021

Bitdefender
Dropped:Trojan.Generic.11672330
1.0.20.1470

Dr.Web
Trojan.Packed.28644
9.0.1.0294

Emsisoft Anti-Malware
Dropped:Trojan.Generic.11672330
8.14.10.21.05

ESET NOD32
Win32/OutBrowse.AJ (variant)
8.10445

F-Secure
Dropped:Trojan.Generic.11672330
11.2014-21-10_3

G Data
Dropped:Trojan.Generic.11672330
14.10.24

MicroWorld eScan
Dropped:Trojan.Generic.11672330
15.0.0.882

NANO AntiVirus
Trojan.Win32.OutBrowse.deinil
0.28.2.62151

Trend Micro House Call
Suspici.12797D5E
7.2.294

File size:
709.9 KB (726,924 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
12/6/2009 5:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:vPZm4Ry75XB/qc8iX9UEkUaM1iAq1uY4trfap+g9TCXdBNmi6LxV2m/h5hp8XLn:vw48b/qczqEVf1idYY4t7+vVCtBNluqT

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9473

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file hack 2014.exe has been seen being distributed by the following URL.

Remove hack 2014.exe - Powered by Reason Core Security