mp3jam 1.1.1.5 incl portable.exe

DIrEct DowNload gTt

This is the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and may be installed without consent. The application mp3jam 1.1.1.5 incl portable.exe by DIrEct DowNload gTt has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the OutBrowse Revenyou installer.
Publisher:
QKBVP (signed by DIrEct DowNload gTt)

Product:
QKBVP

Version:
8444.1562.1288.1447

MD5:
e5bf9bed9e84de8df1af0724ec8309ed

SHA-1:
538bf5ffefd3a6d0653dd84d6845c242a95d7fba

SHA-256:
8bff4212c0817f8d93fa8be25656852bce078424e4621dd04deb5ec217b52044

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/25/2024 7:37:25 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Outbrowse (M)

Engine version:
16.10.25.15

File size:
660.3 KB (676,136 bytes)

Product version:
8444.1562.1288.1447

Copyright:
QKBVP

Trademarks:
QKBVP

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\mp3jam 1.1.1.5 incl portable.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
5/31/2015 2:00:00 AM

Valid to:
1/28/2016 12:59:59 AM

Subject:
CN=DIrEct DowNload gTt, O=DIrEct DowNload gTt, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
5239457324F8D76BE6CBA57F9A47F25B

File PE Metadata
Compilation timestamp:
12/5/2009 11:52:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:sFSu3tJfmLWpDrQC/aMSPFeqjg9HyYYXYs0HGhfc8vy4hR:sUudBmLaQZ/Uqjg0Yhs0L868

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
