niepotwierdzony 717888.crdownload

BEst app

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The file niepotwierdzony 717888.crdownload by BEst app has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the OutBrowse Revenyou installer.
Publisher:
EYFNP  (signed by BEst app)

Product:
EYFNP

Version:
4997.15614.886.449

MD5:
ea3d16ab20abef01d10a69e78548bccf

SHA-1:
1e19f788b27a8c7093666f358c153e7c74f1307f

SHA-256:
a6da358170fe39d190131c84e35ccf11593300cc759f3b075c4b5213c7b6e58e

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/25/2024 6:58:57 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Outbrowse (M)
16.8.23.16

File size:
791.8 KB (810,832 bytes)

Product version:
4997.15614.886.449

Copyright:
EYFNP

Trademarks:
EYFNP

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\niepotwierdzony 717888.crdownload

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
6/11/2015 2:00:00 AM

Valid to:
12/18/2015 12:59:59 AM

Subject:
CN=BEst app, O=BEst app, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
6A88EF866C22387C2B46530FC448B4B9

File PE Metadata
Compilation timestamp:
12/5/2009 11:52:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:RkBJnEUXRd/I6Iw8sjDIvl6C22sNzQtZmmoiA86:NkdLyseB2tSrm3W

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

Remove niepotwierdzony 717888.crdownload - Powered by Reason Core Security