microsoft toolkit 2.5.3.exe

Setup

ViD PLaY

The application microsoft toolkit 2.5.3.exe by ViD PLaY has been detected as adware by 32 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities and other PUPs. The file has been seen being downloaded from get.down3245.info.
Publisher:
ViD PLaY (signed and verified)

Product:
Setup

Version:
1.9.3.0

MD5:
7e90678af4628bec0f8aa23fa4c0c2b4

SHA-1:
1ff81635a7aa0714e24cdedb889d399de527b84e

SHA-256:
7c7a460c3408f76448ee6cec857f386bf3329c1bb63141b55b82539f0b1f869b

Scanner detections:
32 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/30/2024 9:11:56 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Dropped:Trojan.Generic.13125770 | 5686572
Agnitum Outpost | PUA.OutBrowse | 7.1.1
Avira AntiVirus | PUA/Outbrowse.Gen | 8.3.1.6
Arcabit | Trojan.Generic.DC8488A | 1.0.0.425
avast! | OutBrowse-IJ [PUP] | 150602-1
AVG | Adware AdPlugin.CUA | 2014.0.4311
Bitdefender | Dropped:Trojan.Generic.13125770 | 1.0.20.785
Bkav FE | W32.HfsAdware | 1.3.0.6379
Dr.Web | Trojan.OutBrowse.215 | 9.0.1.05190
Emsisoft Anti-Malware | Dropped:Trojan.Generic.13125770 | 10.0.0.5366
ESET NOD32 | Win32/OutBrowse.BU potentially unwanted application | 7.0.302.0
Fortinet FortiGate | Riskware/OutBrowse | 6/6/2015
F-Prot | W32/OutBrowse.J (exact, not disinfectable) | 4.6.5.141
F-Secure | Trojan.Generic.13125770 | 11.2015-06-06_7
G Data | Dropped:Trojan.Generic.13125770 | 15.6.25
IKARUS anti.virus | not-a-virus:AdWare.OutBrowse | t3scan.1.9.5.0
K7 AntiVirus | Unwanted-Program | 13.204.16151
Kaspersky | not-a-virus:AdWare.Win32.OutBrowse | 15.0.0.543
Malwarebytes | PUP.Optional.OutBrowse | v2015.06.06.02
McAfee | Program.Adware-OutBrowse.e | 17.6.569.0
MicroWorld eScan | Dropped:Trojan.Generic.13125770 | 16.0.0.471
NANO AntiVirus | Trojan.Win32.Generic.dorbni | 0.30.24.1636
Norman | Dropped:Trojan.Generic.13125770 | 02.06.2015 14:23:46
Panda Antivirus | Generic Suspicious | 15.06.06.02
Quick Heal | Adware.NSIS.OutBrowse.A | 6.15.14.00
Reason Heuristics | PUP.Outbrowse.Installer.Outborwse | 15.6.6.14
Sophos | Generic PUA AO | 4.98
SUPERAntiSpyware | Adware.OutBrowse/Variant | 9830
Trend Micro House Call | TROJ_GE.4A343FF7 | 7.2.157
Trend Micro | TROJ_GE.4A343FF7 | 10.465.06
Vba32 AntiVirus | Adware.Outbrowse | 3.12.26.4
VIPRE Antivirus | Threat.4823950 | 40786

File size:
1.1 MB (1,152,208 bytes)

Product version:
1.9.3.0

Copyright:
Setup

Original file name:
Ionic.Zip-2015Mar15-200752-6a436c03-06c4-48d5-a1b4-aa75a334debf.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\microsoft toolkit 2.5.3.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
3/10/2015 12:00:00 AM

Valid to:
12/17/2015 11:59:59 PM

Subject:
CN=ViD PLaY, O=ViD PLaY, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
6559B30CB367EA0752AFDD3F7ACAAD29

File PE Metadata
Compilation timestamp:
3/15/2015 8:07:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:MbSaE4mvt/YvVG9VyiRDsBXumorA0/kJ:MbSv4mv2cVvwYm+AlJ

Entry address:
0x75F3E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.5782

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
464 KB (475,136 bytes)

The file microsoft toolkit 2.5.3.exe has been seen being distributed by the following URL.

Remove microsoft toolkit 2.5.3.exe - Powered by Reason Core Security