java_runtime_enviroment_setup.exe.exe

The application java_runtime_enviroment_setup.exe.exe has been detected as a potentially unwanted program by 14 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. This particular feature is designed to hijack the browser in an attempt to prevent other resources from modify the browser's search and home pages. The file has been seen being downloaded from 24browser.plugin-update.com.
MD5:
a0f3267073d50e0249fffea74729200d

SHA-1:
8535bcf08d4237fe41ee726a5f648d104279859a

SHA-256:
5753876637d84653caa10e457e202d378506ff1dff746d2aff43b5c98d2f80ae

Scanner detections:
14 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
12/25/2024 6:19:11 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Bundler.Outbrowse.1
517

Avira AntiVirus
TR/Trash.Gen
8.3.2.2

avast!
Win32:OutBrowse-EC [PUP]
150828-0

AVG
Win.Threat.Medium
2016.0.2995

Dr.Web
Trojan.OutBrowse.76
9.0.1.0248

Emsisoft Anti-Malware
Gen:Variant.Application.Bundler.Outbrowse
8.15.09.05.05

herdProtect (fuzzy)
2015.9.5.17

IKARUS anti.virus
PUA.SearchProtect
t3scan.1.9.5.0

Kaspersky
not-a-virus:Downloader.NSIS.OutBrowse
14.0.0.1471

Malwarebytes
PUP.Optional.OutBrowse
v2015.09.05.05

McAfee
Program.Adware-OutBrowse.e
5600.6651

MicroWorld eScan
Gen:Variant.Application.Bundler.Outbrowse.1
16.0.0.744

Quick Heal
Adware.NSIS.OutBrowse.A
9.15.14.00

VIPRE Antivirus
Threat.4823950
39354

File size:
572.5 KB (586,248 bytes)

File type:
Executable application (Win16 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\java_runtime_enviroment_setup.exe.exe

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win16

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:xM+K03A9Dt11TCVMz+jFUeC3Cwi+67iQ1hEkDB:xkMU5CVTkDi77i6Dt

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9705

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file java_runtime_enviroment_setup.exe.exe has been seen being distributed by the following URL.

Remove java_runtime_enviroment_setup.exe.exe - Powered by Reason Core Security