» installation.exe
Overview
Analysis
File Details
Downloads (1)

installation.exe

OTOPIA SOFT

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The application installation.exe by OTOPIA SOFT has been detected as adware by 10 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from dl.file14desktop.com.

File name:

installation.exe

Publisher:

OTOPIA SOFT (signed and verified)

MD5:

79214046fedd7477add46f636172642b

SHA-1:

8b6ac498e30353243e84daae28ebc634cf6405a2

SHA-256:

586b4cf1dda3d4add2533dcb0e48eef898b09d4468c3322b19a7165197e2be98

Scanner detections:

10 / 68

Status:

Adware

Explanation:

Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

12/27/2024 2:35:26 AM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

PUP/Win32.OutBrowse

2014.12.10

Avira AntiVirus

APPL/Outbrowse.Gen

7.11.193.202

AVG

Potentially harmful program Downloader.CHJ

2014.0.4189

ESET NOD32

Win32/OutBrowse.BK potentially unwanted application

7.0.302.0

Fortinet FortiGate

Riskware/OutBrowse

12/9/2014

IKARUS anti.virus

PUA.OutBrowse

t3scan.1.8.5.0

McAfee

Program.Adware-OutBrowse.c

16.8.708.2

NANO AntiVirus

Trojan.Win32.OutBrowse.djogzg

0.28.6.63850

Reason Heuristics

PUP.OTOPIASOFT.M

15.1.4.13

VIPRE Antivirus

Threat.4150696

35418

File size:

566.4 KB (580,000 bytes)

File type:

Executable application (Win32 EXE)

Bundler/Installer:

OutBrowse Revenyou (using Nullsoft Install System)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\installation.exe

Digital Signature

Signed by:

OTOPIA SOFT

Authority:

GlobalSign nv-sa

Valid from:

12/5/2014 4:24:56 AM

Valid to:

12/6/2015 4:24:56 AM

Subject:

CN=OTOPIA SOFT, O=OTOPIA SOFT, L=Dublin, C=IE

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

112139A8B0DC3A4BC64F2B7614FA56B4D72C

File PE Metadata

Compilation timestamp:

12/5/2009 5:50:52 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:QtdmJMaHF7/985IXKdVzMo/VER7h5VRVW8+sfIkOU3U8yZTwGIa:QtJUB/25IIwo/VEdh5VyhTsUTZTwGI

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Entropy:

7.9737

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

The file installation.exe has been seen being distributed by the following URL.

http://dl.file14desktop.com/.../get10?p=13013&d=24699&l=24043&n=0&d1=1&s=mbs-f40&clickid=3434fd24-2965-4a12-96a0-0ce67364201b

Remove installation.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.