installation.exe

Best App

installation.exe by Best App is a setup application built on the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. It has been detected as adware by 23 anti-malware scanners. The program installs potentially unwanted software on your PC alongside the software you are trying to install, without adequate consent. The file has been seen being downloaded from dl.file17desktop.com.
Publisher:
Best App  (signed and verified)

MD5:
a96d7e6845c2c631d5aa20706f40a9d8

SHA-1:
c36ac4dd46ab38bc4679267e3915aff264bbe8ad

SHA-256:
b0caa9a8b3a5bd2f6703df2a3d61884dc83663bd2281f4961f1d64edc01317a8

Scanner detections:
23 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/24/2024 4:50:34 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | MemScan:Application.Bundler.IX | 634 |
| Agnitum Outpost | PUA.OutBrowse | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.05.12 |
| avast! | Malware-gen | 2014.9-150511 |
| AVG | Generic | 2016.0.3112 |
| Bitdefender | MemScan:Application.Bundler.IX | 1.0.20.655 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Comodo Security | Application.Win32.OutBrowse.MQPC | 22080 |
| Dr.Web | Trojan.OutBrowse.90 | 9.0.1.05190 |
| Emsisoft Anti-Malware | MemScan:Application.Bundler.IX | 8.15.05.11.06 |
| ESET NOD32 | Win32/OutBrowse.BK potentially unwanted application | 9.7.0.302.0 |
| F-Secure | Riskware.MemScan:Application.Bundler.IX | 11.2015-11-05_2 |
| G Data | MemScan:Application.Bundler.IX | 15.5.25 |
| herdProtect (fuzzy) | | 2015.8.8.21 |
| K7 AntiVirus | Unwanted-Program | 13.188.14496 |
| Malwarebytes | PUP.Optional.OutBrowse | v2015.05.11.07 |
| McAfee | Program.Adware-OutBrowse.c | 5600.6768 |
| MicroWorld eScan | MemScan:Application.Bundler.IX | 16.0.0.393 |
| NANO AntiVirus | Trojan.Win32.OutBrowse.dlwssj | 0.30.24.1357 |
| Norman | MemScan:Application.Bundler.IX | 11.20150808 |
| Quick Heal | Adware.NSIS.OutBrowse.A | 5.15.14.00 |
| Reason Heuristics | Threat.Outbrowse.Bundler | 15.5.11.14 |
| VIPRE Antivirus | Threat.4150696 | 35418 |

File size:
566.1 KB (579,640 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\installation.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
12/5/2014 4:37:04 AM

Valid to:
12/6/2015 4:37:04 AM

Subject:
CN=Best App, O=Best App, L=Dublin, C=IE

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11215B01F9256F0A054A3A5BFF4B3A8312B6

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:5ViscOInUHu7GVj1xuVyE/jDtW1Rpw4tbtrcnBG4YseigJ3P6++4OP:5IUOb1vtW1wub1cnRYseiZ+U

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9732

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file installation.exe has been seen being distributed by the following URL.
