installation.exe

Direct download gtt

This is the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application installation.exe by Direct download gtt has been detected as adware by 22 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from get.0104solutions.info.
Publisher:
Direct download gtt  (signed and verified)

MD5:
cb709d5fabaecdee30a8c1f97c00d890

SHA-1:
a12aa758f9f6724401f41a1c56d2362b4f5399ff

SHA-256:
fcb928516f353b8d2fae96f154bc013b6dec418f25808948baa63e23c41af0dd

Scanner detections:
22 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/24/2024 12:38:31 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.Outbrowse.1 | 5636104
Agnitum Outpost | PUA.OutBrowse | 7.1.1
AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.04.15
Avira AntiVirus | APPL/Downloader.Gen | 3.6.1.96
avast! | OutBrowse-EM [PUP] | 150319-1
AVG | Potentially harmful program Downloader.DIT | 2014.0.4311
Bitdefender | Gen:Variant.Application.Bundler.Outbrowse.1 | 1.0.20.525
Dr.Web | Trojan.OutBrowse.144 | 9.0.1.05190
Emsisoft Anti-Malware | Gen:Variant.Application.Bundler.Outbrowse | 9.0.0.4799
ESET NOD32 | Win32/OutBrowse.BU potentially unwanted application | 7.0.302.0
Fortinet FortiGate | Riskware/OutBrowse | 4/15/2015
F-Secure | Gen:Variant.Application.Bundler | 11.2015-15-04_4
G Data | Gen:Variant.Application.Bundler.Outbrowse | 15.4.25
K7 AntiVirus | Trojan | 13.202.15600
Malwarebytes | PUP.Optional.OutBrowse.gen | v2015.04.15.10
MicroWorld eScan | Gen:Variant.Application.Bundler.Outbrowse.1 | 16.0.0.315
NANO AntiVirus | Trojan.Win32.OutBrowse.dmikim | 0.30.16.1110
Quick Heal | Adware.NSIS.OutBrowse.A | 4.15.14.00
Reason Heuristics | Threat.Outbrowse.Bundler | 15.4.15.6
Sophos | PUA 'OutBrowse Revenyou' | 5.12
Trend Micro House Call | Suspici.2AB55E13 | 7.2.105
VIPRE Antivirus | Threat.5085447 | 38882

File size:
601.4 KB (615,800 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\mise a jour windows 7\installation.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
2/1/2015 1:00:00 AM

Valid to:
1/28/2016 12:59:59 AM

Subject:
CN=Direct download gtt, O=Direct download gtt, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
437F22B992D6BC792B0BAE598B2BBE19

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:mtpP/daHt1iG9eDRJuO0Z2/ktPKoGltsxRs/c20rNKvn5a+MX5OLe5EPD:mtpPA2G9ERkzZV47s2c2Km5a+MX5L5SD

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file installation.exe has been seen being distributed by the following URL.
