js wansika font.exe

Setup

TRUSTed download tyy

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The application js wansika font.exe by TRUSTed download tyy has been detected as adware by 28 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from get1.0108tech.info.
Publisher:
TRUSTed download tyy  (signed and verified)

Product:
Setup

Version:
1.9.3.0

MD5:
3035c2cf8f30e89ea106ad208595897a

SHA-1:
b8e79ef57a003528934b8340a706e2ee5442ac9f

SHA-256:
ee31cf9665ddb5e378d0afcb207361026cd7511fc10843937f0d9324fd93779c

Scanner detections:
28 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
11/23/2024 7:43:49 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Bundler.Outbrowse.7
5943376

Agnitum Outpost
PUA.OutBrowse
7.1.1

avast!
NSIS:OutBrowse-CU [PUP]
2014.9-150506

AVG
Adware AdPlugin.CUA
2014.0.4311

Bitdefender
Application.Bundler.Outbrowse.BA
1.0.20.630

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
infected with Trojan.OutBrowse.125
9.0.1.05190

Emsisoft Anti-Malware
Application.Bundler.Outbrowse.BA
9.0.0.4799

ESET NOD32
Win32/OutBrowse.BU potentially unwanted application
7.0.302.0

Fortinet FortiGate
Adware/OutBrowse
5/6/2015

F-Prot
W32/OutBrowse.M
v6.4.7.1.166

F-Secure
Gen:Variant.Application.Bundler
11.2015-06-05_4

G Data
Application.Bundler.Outbrowse.BA
15.5.25

IKARUS anti.virus
PUA.OutBrowse
t3scan.1.8.9.0

K7 AntiVirus
Unwanted-Program
13.203.15813

Kaspersky
not-a-virus:AdWare.Win32.OutBrowse
15.0.0.543

Malwarebytes
PUP.Optional.OutBrowse
v2015.05.06.05

McAfee
Program.Adware-OutBrowse.e
16.8.708.2

MicroWorld eScan
Application.Bundler.Outbrowse.BA
16.0.0.378

NANO AntiVirus
Trojan.Win32.Generic.dorbni
0.30.24.1357

Quick Heal
Adware.NSIS.OutBrowse.A
5.15.14.00

Reason Heuristics
PUP.Outbrowse.Bundler
15.5.6.2

Sophos
PUA 'OutBrowse Revenyou'
5.14

SUPERAntiSpyware
Adware.OutBrowse/Variant
9893

Trend Micro House Call
TROJ_GE.01464D61
7.2.126

Trend Micro
TROJ_GE.01464D61
10.465.06

Vba32 AntiVirus
AdWare.OutBrowse
3.12.26.3

VIPRE Antivirus
Threat.5085447
39676

File size:
1.1 MB (1,146,648 bytes)

Product version:
1.9.3.0

Copyright:
Setup

Original file name:
Ionic.Zip-2015Mar05-050338-496818cc-bd35-453b-adfa-b83fe8f8d5c3.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou

Language:
Language Neutral

Digital Signature
Authority:
thawte, Inc.

Valid from:
3/3/2015 7:00:00 AM

Valid to:
1/28/2016 6:59:59 AM

Subject:
CN=TRUSTed download tyy, O=TRUSTed download tyy, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
57BBED31E2E1A7B903723909513FAB40

File PE Metadata
Compilation timestamp:
3/5/2015 12:03:38 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:LbSaE4mvt/iprzbpYVTFuFDc6U+RnFe/nP+9ijhScmB:LbSv4mvctKVTQG6UWIDVvm

Entry address:
0x75F3E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.5748

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
464 KB (475,136 bytes)

The file js wansika font.exe has been seen being distributed by the following URL.

Remove js wansika font.exe - Powered by Reason Core Security