mp3jamsetup.exe

Cyberservices B.V.

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The application mp3jamsetup.exe by Cyberservices B.V has been detected as adware by 10 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. The file has been seen being downloaded from dawwpk9vo4we.cloudfront.net and multiple other hosts.
Publisher:
Cyberservices B.V.  (signed and verified)

MD5:
09fc65af0006bed65ab4c18e30816bfc

SHA-1:
d584271b7e29263bb085bbb80921e8089a024b8f

SHA-256:
d3ff502b5ee68d97ef4701410eb6a2c7f6592e985bbc409fbf41f6ce5febd22f

Scanner detections:
10 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/15/2024 7:43:00 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

AVG
Generic_r
2015.0.3419

ESET NOD32
Win32/DownloadGuide (variant)
8.10052

Fortinet FortiGate
Riskware/DownloadGuide
7/8/2014

F-Secure
Adware:W32/Buzzrin
11.2014-08-07_3

IKARUS anti.virus
AdWare.DownloadGuide
t3scan.1.6.1.0

McAfee
Artemis!09FC65AF0006
5600.7075

Reason Heuristics
PUP.Installer.CyberservicesBV.L
14.7.8.13

Total Defense
Win32/Tnega.VBMKZGD
37.0.11042

VIPRE Antivirus
DownloadGuide
31014

File size:
458 KB (469,016 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou

Language:
English (United States)

Common path:
C:\users\{user}\downloads\mp3jamsetup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/9/2014 10:00:00 PM

Valid to:
2/10/2016 9:59:59 PM

Subject:
CN=Cyberservices B.V., O=Cyberservices B.V., STREET=Keizersgracht 62-64 NL, L=Amsterdam, S=Nordholland, PostalCode=1015CS, C=NL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
797CAC4561E8B8B21910CD01E0002669

File PE Metadata
Compilation timestamp:
6/6/2014 4:59:28 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:rqiYD1rcPt3QC/8Y5LUjUJIDaM+zTlztEtuKGdk8yF6GH8VPflPraKm33Bo0WtCb:rYcPtTX5RYX+zZ4vuVX1Hh0WtC7uM1vf

Entry address:
0x1C994

Entry point:
E8, A0, 48, 00, 00, E9, 89, FE, FF, FF, CC, CC, 8B, 44, 24, 08, 8B, 4C, 24, 10, 0B, C8, 8B, 4C, 24, 0C, 75, 09, 8B, 44, 24, 04, F7, E1, C2, 10, 00, 53, F7, E1, 8B, D8, 8B, 44, 24, 08, F7, 64, 24, 14, 03, D8, 8B, 44, 24, 08, F7, E1, 03, D3, 5B, C2, 10, 00, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 0C, DE, 42, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF...
 
[+]

Code size:
170.5 KB (174,592 bytes)

The file mp3jamsetup.exe has been seen being distributed by the following 2 URLs.

Remove mp3jamsetup.exe - Powered by Reason Core Security