java_runtime_enviroment_setup.exe.exe

The application java_runtime_enviroment_setup.exe.exe has been detected as a potentially unwanted program by 14 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. This particular feature is designed to hijack the browser in an attempt to prevent other resources from modify the browser's search and home pages. The file has been seen being downloaded from 24browser.plugin-update.com.
MD5:
542e5c1eb6f089117c86f761142f37a0

SHA-1:
1b69aad79dd9a5de5430435feda51d2f98fe050f

SHA-256:
71e89eb7b3c4d518e88a1b00058bcfb76a59266384c5f755057372afd1cb08d4

Scanner detections:
14 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
12/25/2024 5:41:49 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Bundler.Outbrowse.1
517

Avira AntiVirus
TR/Trash.Gen
8.3.2.2

avast!
Win32:OutBrowse-EC [PUP]
150828-0

AVG
Win.Threat.Medium
2016.0.2995

Dr.Web
Trojan.OutBrowse.76
9.0.1.0248

Emsisoft Anti-Malware
Gen:Variant.Application.Bundler.Outbrowse
8.15.09.05.05

herdProtect (fuzzy)
2015.9.5.17

IKARUS anti.virus
PUA.SearchProtect
t3scan.1.9.5.0

Kaspersky
not-a-virus:Downloader.NSIS.OutBrowse
14.0.0.1471

Malwarebytes
PUP.Optional.OutBrowse
v2015.09.05.05

McAfee
Program.Adware-OutBrowse.e
5600.6651

MicroWorld eScan
Gen:Variant.Application.Bundler.Outbrowse.1
16.0.0.744

Quick Heal
Adware.NSIS.OutBrowse.A
9.15.14.00

VIPRE Antivirus
Threat.4823950
39354

File size:
572.5 KB (586,240 bytes)

File type:
Executable application (Win16 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\java_runtime_enviroment_setup.exe.exe

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win16

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:VR+K03A9Dt11TCVMz+jFUeC3Cwi+67iQ1hEkDe:VvMU5CVTkDi77i6Dy

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9705

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file java_runtime_enviroment_setup.exe.exe has been seen being distributed by the following URL.

Remove java_runtime_enviroment_setup.exe.exe - Powered by Reason Core Security