Ionic.Zip-2015Mar15-105657-737bea87-f17b-40d8-8b0f-0c8c3ac04643.exe

Setup

CLIck TO STARt

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The file Ionic.Zip-2015Mar15-105657-737bea87-f17b-40d8-8b0f-0c8c3ac04643.exe by CLIck TO STARt has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the OutBrowse Revenyou installer.
Publisher:
CLIck TO STARt  (signed and verified)

Product:
Setup

Version:
1.9.3.0

MD5:
64aab83a7791596c855587116da04735

SHA-1:
f425280c692cae45621a6e3fcb717f4085208a27

SHA-256:
3a39dc4a1ac5806add64efbedc1b6c92d672132d5bfea8fca916022597665eb9

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/27/2024 12:26:17 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Outbrowse.CLIckTOS.Bundler (M)
16.4.26.3

File size:
1.1 MB (1,152,216 bytes)

Product version:
1.9.3.0

Copyright:
Setup

Original file name:
Ionic.Zip-2015Mar15-105657-737bea87-f17b-40d8-8b0f-0c8c3ac04643.exe

Bundler/Installer:
OutBrowse Revenyou

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\trzbbd7.tmp

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
3/10/2015 1:00:00 AM

Valid to:
12/18/2015 12:59:59 AM

Subject:
CN=CLIck TO STARt, O=CLIck TO STARt, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
63D41C853E9FA7EFE4FF93EA0102CD0B

File PE Metadata
Compilation timestamp:
3/15/2015 11:56:57 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:EbSaE4mvt/j9BYfRPkVMMpbmenwHLMthC90EKTq:EbSv4mvN9BuRPkxZmewHLwhC90EWq

Entry address:
0x75F3E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
464 KB (475,136 bytes)