java.exe

Safe Software SLL

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The application java.exe by Safe Software SLL has been detected as adware by 23 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from get.downserver4.com.
Publisher:
Safe Software SLL  (signed and verified)

MD5:
4a34aafd1cca8d49bbbbcfef4b9b21fd

SHA-1:
3aaaf33b2e6419f0a7c6246bbc3bfce9a4303f9c

SHA-256:
cce01e23c2bfedb0a229df73755cb31246f39894e9ebf0e82d3a33f9166d9abb

Scanner detections:
23 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is also known as bundleware, or downloadware, which is a downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/25/2024 12:35:35 AM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Bundler.Outbrowse.1
6397750

Agnitum Outpost
PUA.OutBrowse
7.1.1

AhnLab V3 Security
PUP/Win32.OutBrowse
2015.02.12

Avira AntiVirus
APPL/Outbrowse.Gen
7.11.209.210

AVG
Downloader
2016.0.3201

Bitdefender
Gen:Variant.Application.Bundler.Outbrowse.1
1.0.20.215

Comodo Security
Application.Win32.AltBrowse.HY
21051

Dr.Web
Trojan.OutBrowse.88
9.0.1.043

Emsisoft Anti-Malware
Gen:Variant.Application.Bundler.Outbrowse
9.0.0.4799

ESET NOD32
Win32/OutBrowse.BU potentially unwanted application
7.0.302.0

Fortinet FortiGate
Riskware/OutBrowse
2/12/2015

F-Secure
Gen:Variant.Application.Bundler
11.2015-12-02_5

G Data
Gen:Variant.Application.Bundler.Outbrowse
15.2.25

K7 AntiVirus
DoS-Trojan
13.194.14945

Kaspersky
not-a-virus:Downloader.NSIS.OutBrowse
15.0.0.543

Malwarebytes
PUP.Optional.OutBrowse.gen
v2015.02.12.06

McAfee
Program.Adware-OutBrowse.e
16.8.708.2

MicroWorld eScan
Gen:Variant.Application.Bundler.Outbrowse.1
16.0.0.129

NANO AntiVirus
Trojan.Win32.OutBrowse.dnkyzt
0.30.0.65070

Reason Heuristics
PUP.Outbrowse
15.2.18.17

Trend Micro House Call
Suspici.B3BC0FA9
7.2.43

Vba32 AntiVirus
Downloader.OutBrowse
3.12.26.3

VIPRE Antivirus
Threat.4150696
37240

File size:
582 KB (596,000 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\java.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
1/27/2015 12:00:00 AM

Valid to:
1/27/2016 11:59:59 PM

Subject:
CN=Safe Software SLL, O=Safe Software SLL, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
32652525993D5118352B7B2FA21F641D

File PE Metadata
Compilation timestamp:
12/5/2009 10:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:mFZ9/I4pspAdLguCGXwPqx3WJetSxfV7DjY/Xr9:mX9NpspAVEGgPhJetSxfR6

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.9701

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file java.exe has been seen being distributed by the following URL.
