little_privacy_cleaner_06_25_2013.exe

Little Privacy Cleaner

Nicholas Hamnett

The application little_privacy_cleaner_06_25_2013.exe, “Open source privacy cleaner” by Nicholas Hamnett, has been detected as a potentially unwanted program by 16 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, and PC utilities, as well as other PUPs. The file has been seen being downloaded from getlittleapps.com.
Publisher:
Little Apps  (signed by Nicholas Hamnett)

Product:
Little Privacy Cleaner

Description:
Open source privacy cleaner

Version:
0.1.1

MD5:
f587e280d0ba479a6c5404a4bde56e57

SHA-1:
f588a107aa937629274788d95bde9a762ba61eec

SHA-256:
0ba07ebd33b271e5c0c975377be3e288ab4cf539505c7325fbbff4251bec48c0

Scanner detections:
16 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/24/2024 5:28:45 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Dropped:Trojan.Generic.11672330 | 853
Agnitum Outpost | PUA.OutBrowse | 7.1.1
Avira AntiVirus | APPL/Downloader.Gen | 7.11.174.236
avast! | NSIS:OutBrowse-D [PUP] | 2014.9-141004
Baidu Antivirus | PUA.Win32.OutBrowse | 4.0.3.14104
Dr.Web | Trojan.Packed.28709 | 9.0.1.0277
ESET NOD32 | Win32/OutBrowse.AJ (variant) | 8.10472
F-Secure | Dropped:Trojan.Generic.11672330 | 11.2014-04-10_7
K7 AntiVirus | Trojan | 13.183.13504
McAfee | Artemis!F587E280D0BA | 5600.6987
MicroWorld eScan | Dropped:Trojan.Generic.11672330 | 15.0.0.831
NANO AntiVirus | Trojan.Win32.OutBrowse.deinil | 0.28.2.62286
Panda Antivirus | Trj/Chgt.G | 14.10.04.09
Qihoo 360 Security | HEUR/Malware.QVM06.Gen | 1.0.0.1015
Sophos | Generic PUA IL | 4.98
Trend Micro House Call | Suspici.12797D5E | 7.2.277

File size:
5.2 MB (5,482,056 bytes)

Copyright:
Copyright © Little Apps 2008-2013

Trademarks:
Little Apps are licensed under the GNU General Public License v3

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\_chrome downloads\little_privacy_cleaner_06_25_2013.exe

Digital Signature
Authority:
StartCom Ltd.

Valid from:
4/11/2014 2:07:27 AM

Valid to:
4/10/2016 6:06:36 AM

Subject:
E=nick@little-apps.org, CN=Nicholas Hamnett, L=Calgary, S=Alberta, C=CA, Description=9k6ekwkCO7QG1GnN

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
0E0C

File PE Metadata
Compilation timestamp:
4/10/2010 8:19:38 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:uh+9RkuE7hF9jYz3C+7dfIumaz73YRQmFIK5ymmz0QbIczbF//ymZNX6sY:uhIk56z3xJf3oF5c0lczwmZw

Entry address:
0x3415

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 70, 85, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 98, B3, 47, 00, E8, 67, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, B2, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 6C, 85, 40, 00, FF, 15, 80, 81, 40, 00, 68, 54, 85, 40, 00, 68, A0, 32, 47, 00, E8, 35, 26, 00, 00, FF, 15, B0, 80, 40, 00, 50, BF, A0, C0, 4C, 00, 57, E8, 23, 26, 00, 00...
Entropy:
7.9980

Packer / compiler:
Nullsoft install system v2.x

Code size:
26 KB (26,624 bytes)

The file little_privacy_cleaner_06_25_2013.exe has been seen being distributed by the following URL.
