installation.exe

best APP

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The application installation.exe by best APP has been detected as adware by 14 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs.
Publisher:
best APP  (signed and verified)

MD5:
66d94314e6211c402a925a2669409990

SHA-1:
13e362a77b60bedb4b288e51bbb6ce070d8b1196

SHA-256:
2c3a3607a4b5c16f05ef7240a6289d4b5528e9404bb70848d93de8d0f41dded2

Scanner detections:
14 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/24/2024 4:52:50 PM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.OutBrowse
2015.02.26

Avira AntiVirus
Adware/Adlaod.ujad
7.11.212.140

avast!
OutBrowse-AH [PUP]
2014.9-150403

AVG
OutBrowse
2016.0.3055

Dr.Web
Trojan.OutBrowse.90
9.0.1.093

ESET NOD32
NSIS/TrojanDownloader.Adload.AL trojan
9.7.0.302.0

Fortinet FortiGate
W32/ADLOAD.AL!tr
4/3/2015

herdProtect (fuzzy)
2015.7.7.21

K7 AntiVirus
Unwanted-Program
13.198.15085

NANO AntiVirus
Trojan.Nsis.Downloader.doqmxk
0.30.8.659

Quick Heal
Adware.NSIS.OutBrowse.A
4.15.14.00

Reason Heuristics
PUP.Bundler.Outbrowse
15.4.3.5

Sophos
OutBrowse Revenyou
4.98

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.3

File size:
90.7 KB (92,880 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\installation.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
2/17/2015 12:00:00 AM

Valid to:
12/17/2015 11:59:59 PM

Subject:
CN=best APP, O=best APP, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
45A289D39620F48EE6F60DAE98BDEFAD

File PE Metadata
Compilation timestamp:
12/5/2009 10:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:YpgpHzb9dZVX9fHMvG0D3XJpPYXnj3WCW2EW58A4Romu/TcNkqIzjbanyUXZf2mw:OgXdZt9P6D3XJynj3WCW2EW5x45tN5Kj

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.1058

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

Remove installation.exe - Powered by Reason Core Security