hack_crack_file_free_clean_file_2014.exe

The application hack_crack_file_free_clean_file_2014.exe has been detected as a potentially unwanted program by 26 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer; the file is not signed with an Authenticode signature from a trusted source. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities, and other PUPs. The file has been seen being downloaded from d1zjcuqflbd5k.cloudfront.net.
MD5:
547349954b279b38b5834477e1541fa0

SHA-1:
a69560f642f357d5ccd4b4f8e9fb41d44614a34a

SHA-256:
2df20f73b6e5ba611d10a10b2ed85ff5dea72d463c4aa2394d2fa75a6e50a91b

Scanner detections:
26 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/5/2024 12:45:08 PM UTC

Scan engine             Detection                            Engine version
Lavasoft Ad-Aware       Dropped:Trojan.Generic.11672330      843
Agnitum Outpost         PUA.OutBrowse                        7.1.1
Avira AntiVirus         TR/Agent.726922.3                    7.11.177.102
avast!                  NSIS:OutBrowse-D [PUP]               2014.9-141015
Baidu Antivirus         Adware.Win32.OutBrowse               4.0.3.141015
Bitdefender             Dropped:Trojan.Generic.11672330      1.0.20.1440
Dr.Web                  Trojan.Packed.28662                  9.0.1.0288
Emsisoft Anti-Malware   Dropped:Trojan.Generic.11672330      8.14.10.15.10
ESET NOD32              Win32/OutBrowse.AJ (variant)         8.10536
F-Secure                Dropped:Trojan.Generic.11672330      11.2014-15-10_4
G Data                  Dropped:Trojan.Generic.11672330      14.10.24
K7 AntiVirus            Trojan                               13.183.13630
Kaspersky               not-a-virus:AdWare.Win32.OutBrowse   14.0.0.3098
Malwarebytes            PUP.Optional.OutBrowse               v2014.10.15.10
McAfee                  Artemis!547349954B27                 5600.6977
MicroWorld eScan        Dropped:Trojan.Generic.11672330      15.0.0.864
NANO AntiVirus          Trojan.Win32.OutBrowse.deinil        0.28.2.62483
nProtect                Trojan-Clicker/W32.OutBrowse.726922  14.10.08.01
Qihoo 360 Security      HEUR/Malware.QVM06.Gen               1.0.0.1015
Quick Heal              AdWare.OutBrowse.r5 (Not a Virus)    10.14.14.00
Sophos                  Generic PUA KG                       4.98
Trend Micro House Call  TROJ_SPNR.08IN14                     7.2.288
Trend Micro             TROJ_SPNR.08IN14                     10.465.15
Vba32 AntiVirus         AdWare.OutBrowse                     3.12.26.3
VIPRE Antivirus         Trojan.Win32.Generic                 33768
Zillya! Antivirus       Adware.OutBrowse.Win32.9140          2.0.0.1948

File size:
709.9 KB (726,922 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\hack_crack_file_free_clean_file_2014.exe

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:21m4Ry75XB/qc8iX9UEkUaM1iAq1uY4trfap+g9TCXdBNmi6LxV2m/h5hp8XLi:2s48b/qczqEVf1idYY4t7+vVCtBNluq2

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file hack_crack_file_free_clean_file_2014.exe has been seen being distributed by the following URL.

Remove hack_crack_file_free_clean_file_2014.exe - Powered by Reason Core Security