inshv18.exe

StART Playing

Part of the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and may be installed without consent. The application inshv18.exe by StART Playing has been detected as adware by 15 anti-malware scanners. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, browser extensions, PC utilities and other PUPs. It is also typically executed from the user's temporary directory.
Publisher:
StART Playing  (signed and verified)

Version:
2015.120.1235.2

MD5:
d3b254911132659ebfba2563079ba424

SHA-1:
f16dfe0afc1adf465ac02b65beff4ff6a8a7c29e

SHA-256:
87bc2473a7bbe5a93653cd31a6d72110547e714a583a6131f51540dc8e2a35fc

Scanner detections:
15 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
12/24/2024 3:56:21 PM UTC

Scan engine             Detection                                 Engine version
Agnitum Outpost         PUA.OutBrowse                             7.1.1
AhnLab V3 Security      PUP/Win32.OutBrowse                       2015.01.21
AVG                     Generic                                   2016.0.3214
Baidu Antivirus         PUA.Win32.OutBrowse                       4.0.3.15120
Dr.Web                  Trojan.KillFiles.22265                    9.0.1.030
ESET NOD32              Win32/OutBrowse.BA (variant)              9.11043
Fortinet FortiGate      Riskware/OutBrowse                        1/30/2015
G Data                  Win32.Application.Agent.9QID6P            15.1.25
K7 AntiVirus            Unwanted-Program                          13.192.14775
Kaspersky               not-a-virus:Downloader.NSIS.OutBrowse     14.0.0.2565
McAfee                  Artemis!251E34644BAB                      5600.6870
NANO AntiVirus          Trojan.Win32.KillFiles.dmtzdt             0.30.0.65070
Reason Heuristics       PUP.StARTPlaying                          15.1.20.13
Sophos                  OutBrowse Revenyou                        4.98
Trend Micro House Call  Suspicious_GEN.F47V0126                   7.2.30

File size:
822.7 KB (842,432 bytes)

Product version:
2015.120.1235.2

Copyright:
Copyright (C) 2015

Original file name:
201512012352.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\inshv18.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
1/18/2015 6:00:00 PM

Valid to:
12/11/2015 5:59:59 PM

Subject:
CN=StART Playing, O=StART Playing, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
58DF35F2B2CFE8E44EF980DD11E01B9F

File PE Metadata
Compilation timestamp:
1/20/2015 6:35:22 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:4o5S1D5svi7drotuH+6q/seuKOo/vcsHllP/fJHFyc:B5S1D5sK71otuH+L/shKOoXhDP/BHFyc

Entry address:
0x854B5

Entry point:
E8, F0, AC, 00, 00, E9, 89, FE, FF, FF, CC, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 8B, 73, 08, 33, 35, 40, FA, 4B, 00, 57, 8B, 06, C6, 45, FF, 00, C7, 45, F4, 01, 00, 00, 00, 8D, 7B, 10, 83, F8, FE, 74, 0D, 8B, 4E, 04, 03, CF, 33, 0C, 38, E8, 4C, A4, FF, FF, 8B, 4E, 0C, 8B, 46, 08, 03, CF, 33, 0C, 38, E8, 3C, A4, FF, FF, 8B, 45, 08, F6, 40, 04, 66, 0F, 85, 19, 01, 00, 00, 8B, 4D, 10, 8D, 55, E8, 89, 53, FC, 8B, 5B, 0C, 89, 45, E8, 89, 4D, EC, 83, FB, FE, 74, 5F, 8D, 49, 00, 8D, 04, 5B, 8B, 4C...
Entropy:
6.6203

Code size:
636 KB (651,264 bytes)

Remove inshv18.exe - Powered by Reason Core Security