installer_adobe_flash_player_english.exe

Click Yes

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The application installer_adobe_flash_player_english.exe by Click Yes has been detected as adware by 20 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. According to AVG, this software downloads additional adware offers during setup.
Publisher:
Click Yes  (signed and verified)

MD5:
bacfaf3be0a361ce127bdb109a6fd055

SHA-1:
1950b56498c2119af7d406e7ee2a8a4c039a89ef

SHA-256:
57d3bf2c37b0fae8d06e2666402a76fcd9b5be8d27c938bd47793d2466e37c00

Scanner detections:
20 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/25/2024 3:53:40 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Bundler.Outbrowse.1
704

Agnitum Outpost
PUA.OutBrowse
7.1.1

AhnLab V3 Security
PUP/Win32.OutBrowse
2015.02.17

Avira AntiVirus
APPL/Downloader.Gen
7.11.210.156

avast!
Win32:Malware-gen
2014.9-150302

AVG
Downloader
2016.0.3182

Baidu Antivirus
PUA.Win32.OutBrowse
4.0.3.1532

Bitdefender
Gen:Variant.Application.Bundler.Outbrowse.1
1.0.20.305

Comodo Security
Application.Win32.AltBrowse.HY
21106

ESET NOD32
Win32/OutBrowse.BU potentially unwanted
9.11186

Fortinet FortiGate
Riskware/OutBrowse
3/2/2015

F-Secure
Gen:Variant.Application.Bundler
11.2015-02-03_2

G Data
Gen:Variant.Application.Bundler.Outbrowse
15.3.25

IKARUS anti.virus
PUA.OutBrowse
t3scan.1.8.6.0

K7 AntiVirus
Trojan
13.195.14984

Malwarebytes
PUP.Optional.OutBrowse
v2015.03.02.10

MicroWorld eScan
Gen:Variant.Application.Bundler.Outbrowse.1
16.0.0.183

Reason Heuristics
PUP.Bundler.Outbrowse
15.3.2.22

Trend Micro House Call
Suspicious_GEN.F47V0204
7.2.61

VIPRE Antivirus
Trojan.Win32.Generic
37628

File size:
577.3 KB (591,112 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\installer_adobe_flash_player_english.exe

Digital Signature
Signed by:

Authority:
Starfield Technologies, Inc.

Valid from:
1/27/2015 8:09:48 AM

Valid to:
12/8/2015 8:13:03 AM

Subject:
CN=Click Yes, O=Click Yes, L=DUBLIN, C=IE

Issuer:
CN=Starfield Secure Certificate Authority - G2, OU=http://certs.starfieldtech.com/repository/, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00AA1A390D4E81FA68

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:BvCsJdfsq7CRwm+hOg12kppStSJxA/U7OWvX7TSNj30Goy+jLn:B1lwJ+hNTmUJWU7OWvXY3Ij

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9656

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

Remove installer_adobe_flash_player_english.exe - Powered by Reason Core Security