niepotwierdzony 659700.crdownload

STarT PLayInG

This is the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The file niepotwierdzony 659700.crdownload by STarT PLayInG has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the OutBrowse Revenyou installer.
Publisher:
JOFGP  (signed by STarT PLayInG)

Product:
JOFGP

Version:
3516.1568.808.3318

MD5:
62be1ccb415413522d48c2790cca65dd

SHA-1:
3f22c38fcc1ebf6a34469afdddcc433ca875c710

SHA-256:
87ebe591db206153ab3a9bd0a2249828feb9d4c873c24b4db2a27c1ded956505

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/27/2024 12:18:36 AM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.Outbrowse.STarTPLa.Bundler (M)

Engine version:
16.6.7.19

File size:
759.4 KB (777,576 bytes)

Product version:
3516.1568.808.3318

Copyright:
JOFGP

Trademarks:
JOFGP

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\niepotwierdzony 659700.crdownload

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
6/4/2015 2:00:00 AM

Valid to:
12/12/2015 12:59:59 AM

Subject:
CN=STarT PLayInG, O=STarT PLayInG, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
0A25F4043B5AFC037A5D8F8F38A4E11A

File PE Metadata
Compilation timestamp:
12/5/2009 11:52:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:vZd7HnDlzD/zet6LYCnTMAtEu2jxhw1kE2JcICFB+9dT28niLetiSfc8vy4hB:vD13etWY+TMiojjMV2JhEKT28niLoifi

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
