microsoft toolkit final.exe

The application microsoft toolkit final.exe has been detected as a potentially unwanted program by 8 anti-malware scanners. This is a setup program used to install the application. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities, and other PUPs. The file has been seen being downloaded from doc-10-90-docs.googleusercontent.com and multiple other hosts.
MD5:
ee9154290b87e5fc99fd0199dfa3386d

SHA-1:
79fa0f9840dd9271b5b178ac801807b338137008

SHA-256:
e0f5cb1300a0794bdf7df263b584e034e174c1926eb8bbcb651e90813a7d609d

Scanner detections:
8 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/15/2024 12:59:17 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Adware-gen [Adw] | 2014.9-150315 |
| Baidu Antivirus | Adware.MSIL.OutBrowse | 4.0.3.15315 |
| Bkav FE | HW32.Packed | 1.3.0.6379 |
| ESET NOD32 | BAT/TrojanClicker.Small.NCJ | 9.11287 |
| Kaspersky | not-a-virus:AdWare.MSIL.OutBrowse | 14.0.0.2342 |
| McAfee | Artemis!EE9154290B87 | 5600.6825 |
| Panda Antivirus | Generic Suspicious | 15.03.15.12 |
| Trend Micro House Call | TROJ_GEN.R021H07C315 | 7.2.74 |

File size:
3 MB (3,108,010 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\microsoft toolkit final.exe

File PE Metadata
Compilation timestamp:
1/31/2011 6:44:13 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:QQ8MpLYELyX5S6dEmOjjMrpf03klVPnOdciSP2yAv3O7O1PpA5HrG:QQjpLYELqS6dlujgp2IVSciSP2xve76V

Entry address:
0x1D20

Entry point:
55, 8B, EC, 6A, FF, 68, 28, 21, 40, 00, 68, A0, 1E, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 88, 20, 40, 00, 59, 83, 0D, 54, 35, 40, 00, FF, 83, 0D, 58, 35, 40, 00, FF, FF, 15, 84, 20, 40, 00, 8B, 0D, CC, 32, 40, 00, 89, 08, FF, 15, 80, 20, 40, 00, 8B, 0D, C8, 32, 40, 00, 89, 08, A1, 7C, 20, 40, 00, 8B, 00, A3, 5C, 35, 40, 00, E8, 10, 01, 00, 00, 39, 1D, BC, 32, 40, 00, 75, 0C, 68, 9C, 1E, 40, 00, FF, 15, 78, 20...
 

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
4 KB (4,096 bytes)

The file microsoft toolkit final.exe has been seen being distributed by the following 6 URLs.
