» js wansika font.exe
Overview
Analysis
File Details
Downloads (1)

js wansika font.exe

Setup

TRUSTed download tyy

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The application js wansika font.exe by TRUSTed download tyy has been detected as adware by 28 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from get1.0108tech.info.

File name:

js wansika font.exe

Publisher:

TRUSTed download tyy (signed and verified)

Product:

Setup

Version:

1.9.3.0

MD5:

3035c2cf8f30e89ea106ad208595897a

SHA-1:

b8e79ef57a003528934b8340a706e2ee5442ac9f

SHA-256:

ee31cf9665ddb5e378d0afcb207361026cd7511fc10843937f0d9324fd93779c

Scanner detections:

28 / 68

Status:

Adware

Explanation:

Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:

This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:

11/23/2024 7:43:49 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Application.Bundler.Outbrowse.7

5943376

Agnitum Outpost

PUA.OutBrowse

7.1.1

avast!

NSIS:OutBrowse-CU [PUP]

2014.9-150506

AVG

Adware AdPlugin.CUA

2014.0.4311

Bitdefender

Application.Bundler.Outbrowse.BA

1.0.20.630

Bkav FE

W32.HfsAdware

1.3.0.6379

Dr.Web

infected with Trojan.OutBrowse.125

9.0.1.05190

Emsisoft Anti-Malware

Application.Bundler.Outbrowse.BA

9.0.0.4799

ESET NOD32

Win32/OutBrowse.BU potentially unwanted application

7.0.302.0

Fortinet FortiGate

Adware/OutBrowse

5/6/2015

F-Prot

W32/OutBrowse.M

v6.4.7.1.166

F-Secure

Gen:Variant.Application.Bundler

11.2015-06-05_4

G Data

Application.Bundler.Outbrowse.BA

15.5.25

IKARUS anti.virus

PUA.OutBrowse

t3scan.1.8.9.0

K7 AntiVirus

Unwanted-Program

13.203.15813

Kaspersky

not-a-virus:AdWare.Win32.OutBrowse

15.0.0.543

Malwarebytes

PUP.Optional.OutBrowse

v2015.05.06.05

McAfee

Program.Adware-OutBrowse.e

16.8.708.2

MicroWorld eScan

Application.Bundler.Outbrowse.BA

16.0.0.378

NANO AntiVirus

Trojan.Win32.Generic.dorbni

0.30.24.1357

Quick Heal

Adware.NSIS.OutBrowse.A

5.15.14.00

Reason Heuristics

PUP.Outbrowse.Bundler

15.5.6.2

Sophos

PUA 'OutBrowse Revenyou'

5.14

SUPERAntiSpyware

Adware.OutBrowse/Variant

9893

Trend Micro House Call

TROJ_GE.01464D61

7.2.126

Trend Micro

TROJ_GE.01464D61

10.465.06

Vba32 AntiVirus

AdWare.OutBrowse

3.12.26.3

VIPRE Antivirus

Threat.5085447

39676

File size:

1.1 MB (1,146,648 bytes)

Product version:

1.9.3.0

Setup

Original file name:

Ionic.Zip-2015Mar05-050338-496818cc-bd35-453b-adfa-b83fe8f8d5c3.exe

File type:

Executable application (Win32 EXE)

Bundler/Installer:

OutBrowse Revenyou

Language:

Language Neutral

Digital Signature

Signed by:

TRUSTed download tyy

Authority:

thawte, Inc.

Valid from:

3/3/2015 7:00:00 AM

Valid to:

1/28/2016 6:59:59 AM

Subject:

CN=TRUSTed download tyy, O=TRUSTed download tyy, L=Dublin, S=Dublin, C=IE

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

57BBED31E2E1A7B903723909513FAB40

File PE Metadata

Compilation timestamp:

3/5/2015 12:03:38 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

24576:LbSaE4mvt/iprzbpYVTFuFDc6U+RnFe/nP+9ijhScmB:LbSv4mvctKVTQG6UWIDVvm

Entry address:

0x75F3E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

7.5748

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

464 KB (475,136 bytes)

The file js wansika font.exe has been seen being distributed by the following URL.

http://get1.0108tech.info/.../1425531813/1425531813?65095190975YWB0LS8 Zz0oLC0wMCZbODAvOS4pIWY4MS8sMTAmZTYsIGtyZl90WnRlWmhfOEpqJlZYbmpiZlsmRmZpcx1kcGdcZ2RjZVxsXD1BbCZRXG5qZGpYKz1oaW4hZmBnZGVhZF44RG4rTlxtamliWiZAam5rIWMoPSkrIWNeb2U4NB1jYzZiX28yLCF5YHA0Kw

Remove js wansika font.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.