microsoftsetup.exe

Setup

SAfe store btw

This is the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application microsoftsetup.exe by SAfe store btw has been detected as adware by 16 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities as well as other PUPs.
Publisher:
SAfe store btw  (signed and verified)

Product:
Setup

Version:
1.9.3.0

MD5:
1e288be18bdc45890699cc2dac657b81

SHA-1:
e203f2d96324faeea84cb0852dd86fd4a8fe14c2

SHA-256:
45fd1c0640b4d08763c31d3978309cea7ab890dfb50221c2d5c3d8d0d5826060

Scanner detections:
16 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
12/26/2024 6:58:47 AM UTC

Scan engine             Detection                                            Engine version
Agnitum Outpost         PUA.OutBrowse                                        7.1.1
Avira AntiVirus         PUA/Outbrowse.Gen                                    7.11.218.126
AVG                     Adware AdPlugin.CUA                                  2014.0.4257
Dr.Web                  infected with Trojan.OutBrowse.125                   9.0.1.05190
ESET NOD32              Win32/OutBrowse.BU potentially unwanted application  7.0.302.0
Fortinet FortiGate      Adware/OutBrowse                                     3/19/2015
F-Prot                  W32/OutBrowse.O (exact, not disinfectable)           4.6.5.141
G Data                  NSIS.Application.OutBrowse.AC                        15.3.25
Kaspersky               not-a-virus:AdWare.Win32.OutBrowse                   15.0.0.543
Malwarebytes            PUP.Optional.OutBrowse                               v2015.03.19.02
McAfee                  Trojan.Artemis!1E288BE18BDC                          16.8.708.2
NANO AntiVirus          Trojan.Win32.Generic.dorbni                          0.30.8.659
Sophos                  OutBrowse Revenyou                                   4.98
SUPERAntiSpyware        Adware.OutBrowse/Variant                             9988
Trend Micro House Call  TROJ_GE.4975FADD                                     7.2.78
Vba32 AntiVirus         AdWare.OutBrowse                                     3.12.26.3

File size:
1.1 MB (1,146,632 bytes)

Product version:
1.9.3.0

Copyright:
Setup

Original file name:
Ionic.Zip-2015Mar05-173354-16dc5cba-7786-4c41-be61-fdef041082e8.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\microsoftsetup.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
3/1/2015 1:00:00 AM

Valid to:
1/28/2016 12:59:59 AM

Subject:
CN=SAfe store btw, O=SAfe store btw, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
17CBBE0728CAFFBA17B8BF560EAEFA7E

File PE Metadata
Compilation timestamp:
3/5/2015 6:33:54 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:hbSaE4mvt/Irx5iLH1KDPNq+k+nGVhlQexOlxv:hbSv4mvO15iLH1KNkQGV7s

Entry address:
0x75F3E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
Entropy:
7.5743

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
464 KB (475,136 bytes)

The file microsoftsetup.exe has been seen being distributed by the following URL.

Remove microsoftsetup.exe - Powered by Reason Core Security