hamachi.exe

The application hamachi.exe has been detected as a potentially unwanted program by 29 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from download2207.mediafire.com.
MD5:
49ef41d032ac31a3b14d1770990a0c7c

SHA-1:
84061a4000a1c2a0bd6b88ec0d50bde8e250f4f1

SHA-256:
e1d5ed8b1adafaee3ff5132d51ad41e758dd9c0de858d2350af8e09a4ea61438

Scanner detections:
29 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/24/2024 12:24:20 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Bundler.Outbrowse.A
205

Agnitum Outpost
PUA.OutBrowse
7.1.1

AhnLab V3 Security
PUP/Win32.OutBrowse
2014.08.05

Avira AntiVirus
APPL/Downloader.Gen
7.11.165.50

AVG
OutBrowse
2017.0.2683

Baidu Antivirus
HackTool.Win32.OutBrowse
4.0.3.16714

Bitdefender
Application.Bundler.Outbrowse.A
1.0.20.980

Comodo Security
Application.Win32.OutBrowse.~B
19085

Dr.Web
Adware.Downware.1676
9.0.1.0196

ESET NOD32
Win32/OutBrowse (variant)
10.10203

Fortinet FortiGate
Riskware/NSIS_OutBrowse
7/14/2016

F-Secure
Application.Bundler.Outbrowse
11.2016-14-07_5

G Data
Application.Bundler.Outbrowse
16.7.24

IKARUS anti.virus
PUA.OutBrowse
t3scan.1.6.1.0

Kaspersky
not-a-virus:Downloader.NSIS.OutBrowse
14.0.0.-91

Malwarebytes
PUP.Optional.Smart
v2016.07.14.06

McAfee
RDN/Generic Downloader.x!iv
5600.6339

MicroWorld eScan
Application.Bundler.Outbrowse.A
17.0.0.588

NANO AntiVirus
Trojan.Win32.OutBrowse.cxaakt
0.28.2.61349

Panda Antivirus
Trj/NsisDownloader.A
16.07.14.06

Qihoo 360 Security
HEUR/Malware.QVM06.Gen
1.0.0.1015

Quick Heal
TrojanDownloader.NSIS.OutBrowse.B
7.16.14.00

Reason Heuristics
PUP.OutBrowse (M)
16.7.14.6

Rising Antivirus
PE:Trojan.Win32.Generic.164A18B3!373954739
23.00.65.16712

Sophos
OutBrowse
4.98

Trend Micro House Call
TROJ_GEN.R04AC0EAR14
7.2.196

Trend Micro
TROJ_GEN.R04AC0EAR14
10.465.14

Vba32 AntiVirus
Downloader.OutBrowse
3.12.26.3

VIPRE Antivirus
OutBrowse
31924

File size:
608 KB (622,556 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\hamachi.exe

File PE Metadata
Compilation timestamp:
12/5/2009 7:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:0f5cWN3aPbD3x6imu00ufz6HSkdxvN+RrA55N2uSgcbUe6Q8SAEe3nTJlu:0BrNKPbDVmH0uf+HSkHl+RsnNFSgcD6+

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file hamachi.exe has been seen being distributed by the following URL.

Remove hamachi.exe - Powered by Reason Core Security