» installation.exe
Overview
Analysis
File Details

installation.exe

BEST APP

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The application installation.exe by BEST APP has been detected as adware by 28 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. According to AVG, this software downloads additional adware offers during setup.

File name:

installation.exe

Publisher:

BEST APP (signed and verified)

MD5:

1989aee9175005dc2a089760c39c4416

SHA-1:

59b1a9f809a495cc887354c49c74c9690c4f1e20

SHA-256:

f72e37983c00712b7b7358bd2f1262aaabd3a3b680e3657ed9e70ce805942d3c

Scanner detections:

28 / 68

Status:

Adware

Explanation:

Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

12/27/2024 2:59:17 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

MemScan:Application.Bundler.Outbrowse.AN

668

Agnitum Outpost

PUA.OutBrowse

7.1.1

AhnLab V3 Security

PUP/Win32.OutBrowse

2015.04.08

Avira AntiVirus

PUA/Outbrowse.Gen

3.6.1.96

avast!

OutBrowse-FR [PUP]

2014.9-150407

AVG

Potentially harmful program Downloader

2016.0.3146

Bitdefender

MemScan:Application.Bundler.Outbrowse.AN

1.0.20.485

Bkav FE

W32.HfsAdware

1.3.0.6379

Comodo Security

Application.Win32.AltBrowse.HY

21681

Dr.Web

Trojan.OutBrowse.62

9.0.1.097

Emsisoft Anti-Malware

MemScan:Application.Bundler.Outbrowse.AN

8.15.04.07.03

ESET NOD32

Win32/OutBrowse.BY potentially unwanted application

9.7.0.302.0

Fortinet FortiGate

Riskware/OutBrowse

4/7/2015

F-Secure

Riskware.MemScan:Application.Bundler.Outbrowse

5.13.68

G Data

MemScan:Application.Bundler.Outbrowse.AN

15.4.25

herdProtect (fuzzy)

variant of unconfirmed 267230.crdownload (Adware)

2015.7.10.20

K7 AntiVirus

Trojan

13.202.15513

Malwarebytes

PUP.Optional.OutBrowse

v2015.04.07.03

McAfee

Program.Adware-OutBrowse.e

5600.6802

MicroWorld eScan

MemScan:Application.Bundler.Outbrowse.AN

16.0.0.291

NANO AntiVirus

Trojan.Win32.OutBrowse.dlunsw

0.30.10.952

Quick Heal

Adware.NSIS.OutBrowse.A

4.15.14.00

Reason Heuristics

PUP.Bundler.Outbrowse

15.4.7.11

Sophos

Generic PUA AE

4.98

Trend Micro House Call

TROJ_GE.546C885B

7.2.97

Trend Micro

TROJ_GE.546C885B

10.465.07

Vba32 AntiVirus

Downloader.OutBrowse

3.12.26.3

VIPRE Antivirus

Threat.4823950

39486

File size:

568.4 KB (582,048 bytes)

File type:

Executable application (Win32 EXE)

Bundler/Installer:

OutBrowse Revenyou (using Nullsoft Install System)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\installation.exe

Digital Signature

Signed by:

BEST APP

Authority:

thawte, Inc.

Valid from:

1/3/2015 7:00:00 PM

Valid to:

12/17/2015 6:59:59 PM

Subject:

CN=BEST APP, O=BEST APP, L=Dublin, S=Dublin, C=IE

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

1D0774D8D3A913BED64F71672A861C69

File PE Metadata

Compilation timestamp:

12/5/2009 5:50:52 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:eH2DngHTVx549xd/rNhwranvxCSAXoXmzB0VL8UsGGwClTnl2wYB:efxi9xdbYSAXoC098UpGri

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Entropy:

7.9766

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

Remove installation.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.