home

offer_7941.exe

ProplusExtender

SeeWeblists

The application offer_7941.exe has been detected as a potentially unwanted program by 20 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs. The file has been seen being downloaded from americanrapid.com.
Publisher:
SeeWeblists

Product:
ProplusExtender

Version:
4.2.0.665

MD5:
0e912dac3ae60d44ec2809970e7edfa6

SHA-1:
3669fef63e3ece137ec657912e5375e5da660611

SHA-256:
ed84ac11da2b3bf76c303812596629344f3dea2ebd93365a2be0930864b43a68

Scanner detections:
20 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/28/2024 2:42:08 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Graftor.179647
5741931

Agnitum Outpost
PUA.Similagro
7.1.1

AhnLab V3 Security
PUP/Win32.OutBrowse
2015.06.11

Arcabit
Trojan.Adware.Graftor.D2BDBF
1.0.0.425

AVG
Adware Generic6.YGF
2014.0.4311

Bitdefender
Gen:Variant.Adware.Graftor.179647
1.0.20.805

Comodo Security
Application.Win32.AdWare.Similagro.EA
22406

Dr.Web
Threat.Undefined
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Adware.Graftor.179647
10.0.0.5366

ESET NOD32
Win32/Adware.Similagro.E application
7.0.302.0

F-Secure
Gen:Variant.Adware.Graftor
5.14.151

G Data
Gen:Variant.Adware.Graftor.179647
15.6.25

IKARUS anti.virus
PUA.Similagro
t3scan.1.9.5.0

K7 AntiVirus
Adware
13.204.16199

Kaspersky
not-a-virus:AdWare.Win32.Similagro
15.0.0.543

Malwarebytes
PUP.Optional.ProPlusExtender.A
v2015.06.10.03

MicroWorld eScan
Gen:Variant.Adware.Graftor.179647
16.0.0.483

NANO AntiVirus
Riskware.Win32.Similagro.dpewpg
0.30.24.2086

Norman
Gen:Variant.Adware.Graftor.179647
02.06.2015 14:23:46

Vba32 AntiVirus
AdWare.Similagro
3.12.26.4

File size:
98.7 KB (101,051 bytes)

Product version:
4.2.0.665

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
10/7/2014 7:40:10 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:aM1BjoYNXoKDIJBXJPLGj8uZK7s6qeLuOHiT8I4f6cfxjgB26+TO:aMMYNXqBBij8iK7pqeLhCIZCcJM2HTO

Entry address:
0x30B6

Entry point:
81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 90, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, 1C, 71, 40, 00, 53, FF, 15, 8C, 72, 40, 00, 6A, 09, A3, 98, 37, 42, 00, E8, A8, 2D, 00, 00, A3, E4, 36, 42, 00, 53, 8D, 44, 24, 38, 68, 60, 01, 00, 00, 50, 53, 68, 98, EC, 41, 00, FF, 15, 64, 71, 40, 00, 68, 80, 91, 40, 00, 68, E0, 2E, 42, 00, E8, 52, 2A, 00, 00, FF, 15, 20, 71, 40, 00, BD, 00, 90, 42, 00, 50, 55, E8, 40, 2A...
 
[+]

Entropy:
7.6841

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file offer_7941.exe has been seen being distributed by the following URL.

http://americanrapid.com/.../offer_7941.exe

Remove offer_7941.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.