home

opera 20.0.1387.91.exe

Click Yes

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The application opera 20.0.1387.91.exe by Click Yes has been detected as adware by 26 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from get.file24desktop.com.
Publisher:
Click Yes  (signed and verified)

MD5:
65186ecc3d83a0a2d3e9789a5ebd5796

SHA-1:
5c775025463936709e73b54b8a2c0d8b06cb7d95

SHA-256:
6ed14a032906e0feb6f957e45ffb07cff0dbef21e1c50e95e194008ebee6aaec

Scanner detections:
26 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
2/24/2025 4:23:34 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Bundler.Outbrowse.1
5976087

Agnitum Outpost
PUA.OutBrowse
7.1.1

AhnLab V3 Security
PUP/Win32.OutBrowse
2015.05.07

avast!
Rootkit-gen [Rtk]
2014.9-150506

AVG
Generic
2016.0.3117

Baidu Antivirus
PUA.Win32.OutBrowse
4.0.3.1584

Bitdefender
Application.Bundler.Outbrowse.BA
1.0.20.630

Bkav FE
W32.HfsAdware
1.3.0.6379

Comodo Security
Application.Win32.AltBrowse.HY
22023

Dr.Web
Trojan.OutBrowse.6
9.0.1.0126

Emsisoft Anti-Malware
Application.Bundler.Outbrowse.BA
9.0.0.4799

ESET NOD32
Win32/OutBrowse.BJ potentially unwanted application
9.7.0.302.0

Fortinet FortiGate
Riskware/OutBrowse
5/6/2015

F-Secure
Gen:Variant.Adware.Mikey
5.13.68

G Data
Application.Bundler.Outbrowse.BA
15.5.25

herdProtect (fuzzy)
variant of installer_adobe_flash_player_english (41).exe (Adware)
2015.8.4.17

K7 AntiVirus
Unwanted-Program
13.185.14098

Malwarebytes
PUP.Optional.OutBrowse
v2015.05.06.03

McAfee
Adware-OutBrowse.c
5600.6773

MicroWorld eScan
Application.Bundler.Outbrowse.BA
16.0.0.378

NANO AntiVirus
Trojan.Win32.OutBrowse.djogzg
0.30.24.1357

Quick Heal
Adware.NSIS.OutBrowse.A
5.15.14.00

Reason Heuristics
Threat.Outbrowse.Bundler
15.5.6.11

Rising Antivirus
PE:Trojan.Win32.Generic.18324F3F!405950271
23.00.65.15504

Sophos
PUA 'OutBrowse Revenyou'
5.14

VIPRE Antivirus
Threat.4784459
35010

File size:
574.9 KB (588,696 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\opera 20.0.1387.91.exe

Digital Signature
Signed by:
Click Yes

Authority:
GlobalSign nv-sa

Valid from:
11/5/2014 7:07:31 PM

Valid to:
10/22/2015 3:00:12 PM

Subject:
CN=Click Yes, O=Click Yes, L=Dublin, C=IE

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112190C87C7B9BFB7AB9CC923A9EA0FD08B2

File PE Metadata
Compilation timestamp:
12/6/2009 2:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:jJpKyRF4ox2GSBxIJqQuSS+bk9ANyE7Q6OB2GAFgPtzVankju:jTcowG4xcF7VbIiv7GB2GAFgPtZs

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9691

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file opera 20.0.1387.91.exe has been seen being distributed by the following URL.

http://get.file24desktop.com/.../Get?p=13481&d=19421&l=18584&n=1&productname=Opera 20.0.1387.91&exeurl=Opera - Download&dynamicname=Opera 20.0.1387.91&filename=Opera 20.0.1387.91&dt=1416465091

Remove opera 20.0.1387.91.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.