non confirmé 638906.crdownload

The file non confirmé 638906.crdownload has been detected as a potentially unwanted program by 28 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from s6693.chomikuj.pl.
MD5:
7aaec901a90a1e796ea97eb52bf3ece9

SHA-1:
99ec13e4440056701a6fda6403839d378c4dd848

SHA-256:
a21685b3a7b2efe230a5b9cde84fd8397d8415ac85d17a9d64295b2c43a4cf02

Scanner detections:
28 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/5/2024 12:48:45 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
MemScan:Application.Bundler.Outbrowse.E
804

Agnitum Outpost
PUA.OutBrowse
7.1.1

AhnLab V3 Security
Adware/Win32.Bundler
2014.09.24

Avira AntiVirus
APPL/Downloader.Gen
7.11.173.236

avast!
Other:PUP-gen [PUP]
2014.9-141122

Baidu Antivirus
Hacktool.Win32.Downloader
4.0.3.141122

Bitdefender
MemScan:Application.Bundler.Outbrowse.E
1.0.20.1630

Dr.Web
Adware.Downware.3927
9.0.1.0326

ESET NOD32
Win32/OutBrowse
8.10453

Fortinet FortiGate
Riskware/OutBrowse
11/22/2014

F-Prot
Trojan!9d14
v6.4.7.1.166

F-Secure
MemScan:Application.Bundler.Outbrowse
11.2014-22-11_7

G Data
MemScan:Application.Bundler.Outbrowse
14.11.24

IKARUS anti.virus
PUA.OutBrowse
t3scan.1.7.8.0

K7 AntiVirus
Trojan
13.183.13463

Kaspersky
not-a-virus:Downloader.Win32.Agent
14.0.0.2906

Malwarebytes
PUP.Optional.OutBrowse
v2014.11.22.05

McAfee
RDN/Generic PUP.x!clh
5600.6938

MicroWorld eScan
MemScan:Application.Bundler.Outbrowse.E
15.0.0.978

NANO AntiVirus
Trojan.Nsis.Download.dcbgnj
0.28.2.62286

Panda Antivirus
Trj/CI.A
14.11.22.05

Qihoo 360 Security
Win32/Application.af9
1.0.0.1015

Rising Antivirus
PE:Trojan.Win32.Generic.16DA287B!383395963
23.00.65.141120

Sophos
Generic PUA JJ
4.98

Trend Micro House Call
TROJ_SPNR.08GA14
7.2.326

Trend Micro
TROJ_SPNR.08GA14
10.465.22

Vba32 AntiVirus
Downloader.Agent
3.12.26.3

VIPRE Antivirus
OutBrowse
33368

File size:
963.9 KB (987,044 bytes)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\non confirmé 638906.crdownload

File PE Metadata
Compilation timestamp:
12/5/2009 10:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:62YzbrTZBqf+3pR2/bg/0fPzWJkUH1acWio5U1e3ib6:SfTjqAR++0nzWJkUVacjPYp

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file non confirmé 638906.crdownload has been seen being distributed by the following URL.

Remove non confirmé 638906.crdownload - Powered by Reason Core Security