inshv18.exe

StArt playing

Part of the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application inshv18.exe by StArt playing has been detected as adware by 15 anti-malware scanners. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities and other PUPs. It is also typically executed from the user's temporary directory.
Publisher:
StArt playing  (signed and verified)

Version:
2015.122.1129.3

MD5:
b5a8b8bcd1f642b53b3425036fc9c351

SHA-1:
2b57f3b72b023bf8a3e31a56abac19c360620c8f

SHA-256:
22bab7e8b371da25b241c270b80b98386f0fd69683577ffc51a6e5d3d118fd64

Scanner detections:
15 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/15/2024 2:04:21 PM UTC

Scan engine             Detection                                Engine version
Agnitum Outpost         PUA.OutBrowse                            7.1.1
AhnLab V3 Security      PUP/Win32.OutBrowse                      2015.01.23
AVG                     Generic                                  2016.0.3214
Baidu Antivirus         PUA.Win32.OutBrowse                      4.0.3.15127
Dr.Web                  Trojan.KillFiles.22265                   9.0.1.027
ESET NOD32              Win32/OutBrowse.BA (variant)             9.11059
Fortinet FortiGate      Riskware/OutBrowse                       1/30/2015
G Data                  Win32.Application.Agent.9QID6P           15.1.25
K7 AntiVirus            Unwanted-Program                         13.192.14775
Kaspersky               not-a-virus:Downloader.NSIS.OutBrowse    14.0.0.2565
McAfee                  Artemis!251E34644BAB                     5600.6870
NANO AntiVirus          Trojan.Win32.KillFiles.dmtzdt            0.30.0.65070
Reason Heuristics       PUP.Outbrowse                            15.1.27.1
Sophos                  OutBrowse Revenyou                       4.98
Trend Micro House Call  Suspicious_GEN.F47V0126                  7.2.30

File size:
822.7 KB (842,432 bytes)

Product version:
2015.122.1129.3

Copyright:
Copyright (C) 2015

Original file name:
201512211293.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\inshv18.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
1/20/2015 4:00:00 PM

Valid to:
12/11/2015 3:59:59 PM

Subject:
CN=StArt playing, O=StArt playing, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
37FBEB4D120EDCC07BA62BB886A19AF1

File PE Metadata
Compilation timestamp:
1/22/2015 3:32:32 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:3o5S1D5svi7drotuH+6q/seuKOo/vcsHllP/fJ/Fyt:45S1D5sK71otuH+L/shKOoXhDP/B/Fyt

Entry address:
0x854B5

Entry point:
E8, F0, AC, 00, 00, E9, 89, FE, FF, FF, CC, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 8B, 73, 08, 33, 35, 40, FA, 4B, 00, 57, 8B, 06, C6, 45, FF, 00, C7, 45, F4, 01, 00, 00, 00, 8D, 7B, 10, 83, F8, FE, 74, 0D, 8B, 4E, 04, 03, CF, 33, 0C, 38, E8, 4C, A4, FF, FF, 8B, 4E, 0C, 8B, 46, 08, 03, CF, 33, 0C, 38, E8, 3C, A4, FF, FF, 8B, 45, 08, F6, 40, 04, 66, 0F, 85, 19, 01, 00, 00, 8B, 4D, 10, 8D, 55, E8, 89, 53, FC, 8B, 5B, 0C, 89, 45, E8, 89, 4D, EC, 83, FB, FE, 74, 5F, 8D, 49, 00, 8D, 04, 5B, 8B, 4C...
Entropy:
6.6202

Code size:
636 KB (651,264 bytes)