home

installer_adobe_flash_player_english.exe

Click Yes

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The application installer_adobe_flash_player_english.exe by Click Yes has been detected as adware by 6 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs.
Publisher:
Click Yes  (signed and verified)

MD5:
6d2d7b38a2ff86aa5f17a9abac921e9c

SHA-1:
2c9b6e7889ab0be2822f58f9a74e3bfe5556316d

SHA-256:
df64d0cb6c0357e2a4b7c2d16180a95f128bb2520284c899a6168fe8a20d47d7

Scanner detections:
6 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/25/2024 4:33:28 AM UTC  (today)

Scan engine
Detection
Engine version

AVG
Generic
2015.0.3267

Dr.Web
Trojan.OutBrowse.6
9.0.1.0341

K7 AntiVirus
Unwanted-Program
13.186.14210

Reason Heuristics
PUP.ClickYes.e
14.12.7.14

Sophos
OutBrowse Revenyou
4.98

VIPRE Antivirus
OutBrowse
35350

File size:
557.8 KB (571,232 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\installer_adobe_flash_player_english.exe

Digital Signature
Signed by:
Click Yes

Authority:
GlobalSign nv-sa

Valid from:
11/5/2014 5:07:31 PM

Valid to:
10/22/2015 1:00:12 PM

Subject:
CN=Click Yes, O=Click Yes, L=Dublin, C=IE

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112190C87C7B9BFB7AB9CC923A9EA0FD08B2

File PE Metadata
Compilation timestamp:
12/6/2009 12:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:UkCXMe3ui+mZMNV6HZS15Ze/6yVEBaaKMejd2pONjIIv:Ud3HZMBPZe/6yi5pO+0

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9670

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file installer_adobe_flash_player_english.exe has been seen being distributed by the following 5 URLs.

http://clkmon.com/.../sa?cid=SUPER-CRSRDR-200135901318000000&pid=11021&q=vorterix, radio, fm, 103.1, pergolini, rock, argentina, transmision, transmision

http://domsem.com.edgesuite.net/installers/out/012010120201203/piid-547df16779ef30.08541781/on/2/freesoftstorecom/english/revenue/chrome/adobe_flash_player/d/275876e34cf609db118f3d84b799a790/out/.../na/installer_adobe_flash_player_English.exe

http://freempr9.daderetac.com/down.php?p=REVENUE&trckid=009061418016565441613

http://freempr9.jrcaaa.com/down.php?p=REVENUE&trckid=009061418016565441613

http://clkmon.com/.../sa?cid=11021-500217300424000000&pid=11021&q=Panasonic Eluga S Price in India 2014 2nd December valid in Bangalore, Hyderabad

Remove installer_adobe_flash_player_english.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.