inshv61.exe

Confirmed App nln

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The application inshv61.exe, “ Install Your Software” by Confirmed App nln has been detected as adware by 18 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs.
Publisher:
Confirmed App nln  (signed and verified)

Description:
Install Your Software

Version:
2015.128.725.5

MD5:
9f9929f295b213a097e15f4668ed5548

SHA-1:
92a960324a975446f9c2bbfea87aac1d74788e4f

SHA-256:
4ac4034cd710bb94122e6276df647dc1a377f7b8e55c2359ff6941404aaf4d6f

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/30/2024 8:31:24 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.OutBrowse
7.1.1

AhnLab V3 Security
PUP/Win32.OutBrowse
2015.01.22

AVG
Generic
2016.0.3213

Baidu Antivirus
PUA.Win32.OutBrowse
4.0.3.15130

Dr.Web
Trojan.KillFiles.22265
9.0.1.05190

ESET NOD32
Win32/OutBrowse.BA potentially unwanted application
7.0.302.0

Fortinet FortiGate
Riskware/OutBrowse
1/30/2015

G Data
Win32.Application.Agent.9QID6P
15.1.25

K7 AntiVirus
Unwanted-Program
13.192.14775

Kaspersky
not-a-virus:Downloader.NSIS.OutBrowse
15.0.0.543

McAfee
Artemis!251E34644BAB
5600.6869

NANO AntiVirus
Trojan.Win32.KillFiles.dmtzdt
0.30.0.65070

Panda Antivirus
Generic Suspicious
15.01.30.02

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen
1.0.0.1015

Reason Heuristics
PUP.Installer.Outbrowse
15.2.14.11

Sophos
PUA 'OutBrowse Revenyou'
59

Trend Micro House Call
Suspicious_GEN.F47V0126
7.2.30

VIPRE Antivirus
Threat.4150696
36666

File size:
822.7 KB (842,440 bytes)

Product version:
2015.128.725.5

Copyright:
Copyright (C) 2015

Original file name:
20151287255.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\inshv61.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
1/26/2015 8:00:00 PM

Valid to:
1/27/2016 7:59:59 PM

Subject:
CN=Confirmed App nln, O=Confirmed App nln, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
383328578E5F503F8EAA53621314DD36

File PE Metadata
Compilation timestamp:
1/28/2015 3:26:23 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:Jo5S1D5svi7drotuH+6q/seuKOo/vcsHllP/fJ+Fy5:O5S1D5sK71otuH+L/shKOoXhDP/B+Fy5

Entry address:
0x854B5

Entry point:
E8, F0, AC, 00, 00, E9, 89, FE, FF, FF, CC, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 8B, 73, 08, 33, 35, 40, FA, 4B, 00, 57, 8B, 06, C6, 45, FF, 00, C7, 45, F4, 01, 00, 00, 00, 8D, 7B, 10, 83, F8, FE, 74, 0D, 8B, 4E, 04, 03, CF, 33, 0C, 38, E8, 4C, A4, FF, FF, 8B, 4E, 0C, 8B, 46, 08, 03, CF, 33, 0C, 38, E8, 3C, A4, FF, FF, 8B, 45, 08, F6, 40, 04, 66, 0F, 85, 19, 01, 00, 00, 8B, 4D, 10, 8D, 55, E8, 89, 53, FC, 8B, 5B, 0C, 89, 45, E8, 89, 4D, EC, 83, FB, FE, 74, 5F, 8D, 49, 00, 8D, 04, 5B, 8B, 4C...
 
[+]

Code size:
636 KB (651,264 bytes)

Remove inshv61.exe - Powered by Reason Core Security