hack825 v3.1 (last update).exe

The application hack825 v3.1 (last update).exe has been detected as a potentially unwanted program by 31 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. It installs potentially unwanted software on your PC alongside the software you are trying to install, without adequate consent. The file has been seen being downloaded from download988.mediafire.com and multiple other hosts.

MD5: 8a43d9f040adc25a5f7899044e121340
SHA-1: 9164806929d380d93326da10f8f9aceb88d04858
SHA-256: 155fea81be59e3ee5cad290c31ea471697e429a13842a5192ae5a2f80cbd595f
Scanner detections: 31 / 68
Status: Potentially unwanted
Explanation: Bundles additional adware offers during download and installation using the OutBrowse installer.
Analysis date: 12/27/2024 5:07:11 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Application.Bundler.Outbrowse.F | 910
Agnitum Outpost | PUA.OutBrowse | 7.1.1
Avira AntiVirus | Adware/OutBrowse.G | 7.11.132.254
avast! | Win32:Malware-gen | 2014.9-140808
AVG | MalSign.OutBrowse | 2015.0.3388
Baidu Antivirus | HackTool.Win32.OutBrowse | 4.0.3.1488
Bitdefender | Application.Bundler.Outbrowse.F | 1.0.20.1100
Comodo Security | Application.Win32.OutBrowse.~A | 17925
Dr.Web | Adware.Downware.1676 | 9.0.1.0220
Emsisoft Anti-Malware | Gen:Variant.Dropper.99 | 8.14.10.07.01
ESET NOD32 | Win32/OutBrowse (variant) | 8.9308
Fortinet FortiGate | Riskware/NSIS_OutBrowse | 8/8/2014
F-Prot | W32/Outbrowse.A | v6.4.7.1.166
F-Secure | Application.Bundler.Outbrowse | 11.2014-08-08_6
G Data | Application.Bundler.Outbrowse | 14.8.24
IKARUS anti.virus | not-a-virus:Downloader.NSIS | t3scan.2.2.29
K7 AntiVirus | Unwanted-Program | 13.175.10881
Kaspersky | not-a-virus:Downloader.NSIS.OutBrowse | 14.0.0.3436
Malwarebytes | PUP.Optional.OutBrowse | v2014.08.08.07
McAfee | Artemis!9DDCBF0D0925 | 5600.7044
MicroWorld eScan | Application.Bundler.Outbrowse.F | 15.0.0.660
NANO AntiVirus | Trojan.Win32.OutBrowse.csrlza | 0.28.0.58394
Panda Antivirus | Trj/NsisDownloader.A | 14.08.08.07
Qihoo 360 Security | Win32/Virus.Downloader.ad6 | 1.0.0.1015
Quick Heal | TrojanDownloader.NSIS.OutBrowse.B | 8.14.14.00
Rising Antivirus | PE:Trojan.Win32.Generic.166892FD!375952125 | 23.00.65.14806
Sophos | Generic PUA CH | 4.96
Trend Micro House Call | TROJ_GEN.R047H07AI14 | 7.2.220
Trend Micro | TROJ_GEN.R047C0OBC14 | 10.465.08
Vba32 AntiVirus | Downloader.OutBrowse | 3.12.24.3
VIPRE Antivirus | OutBrowse | 25568

File size: 616 KB (630,753 bytes)
File type: Executable application (Win32 EXE)
Installer: NSIS (Nullsoft Scriptable Install System)
Language: Language Neutral
Common path: C:\users\{user}\downloads\hack825 v3.1 (last update).exe

File PE Metadata

Compilation timestamp: 12/6/2009 12:50:52 AM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 6.0
CTPH (ssdeep): 12288:VFFyhCfsMntd1zdwVWyK1EzotWlj+kzVX0xp+lHTNo5uLMxHeXAkepYsq4O:VryhCfsMtpwof1EzotWln3M6VXopa4O
Entry address: 0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Packer / compiler: Nullsoft install system v2.x
Code size: 23.5 KB (24,064 bytes)

The file hack825 v3.1 (last update).exe has been seen being distributed by the following 2 URLs.
