home

outlast.exe

Femosogu

PlatformPrompt (Alpha Criteria Ltd.)

The application outlast.exe, “Femosogu Setup ” by PlatformPrompt (Alpha Criteria) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.centersharenew.com and multiple other hosts.
Publisher:
PlatformPrompt (Alpha Criteria Ltd.)  (signed and verified)

Product:
Femosogu

Description:
Femosogu Setup

MD5:
eaa2ec2c26e8562924e973c38395be10

SHA-1:
5669199604b36e28add4bff39eb514c111457403

SHA-256:
511ac3e091cfb650f14eda282eeb677e33f09914737f6f113c91a172779a6e3f

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/26/2024 3:56:07 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.AC (M)
16.8.10.12

File size:
998.1 KB (1,022,104 bytes)

Product version:
5.3

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Turkish (Turkey)

Common path:
C:\users\{user}\downloads\outlast.exe

Digital Signature
Signed by:
PlatformPrompt (Alpha Criteria Ltd.)

Authority:
GlobalSign nv-sa

Valid from:
12/16/2015 2:17:26 PM

Valid to:
9/2/2016 2:02:46 PM

Subject:
CN=PlatformPrompt (Alpha Criteria Ltd.), O=PlatformPrompt (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112111817CD313A533F2A76178D4452F81A6

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:lrilE0JAHXQNk86Iy+dk/bhJUwnogqR6WJKg6dHlvcAb+H4l:l+HJAHgNLUI0bbUwnCR6k6leAvl

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.9077

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file outlast.exe has been seen being distributed by the following 2 URLs.

http://www.centersharenew.com/TGa8Y3mKnWZgc_GcdqnbZEGKggEXPkwwd9FaXglH5K_0ab176JaHGwuRPzlyRtrHES0IpYZ6AfmKYW4Ki7 XqvHqTA0ol9bDkw9XnsSspaYnwp7URSB1SyHmFvuHT3vux_Q2tJW7Qq plCgvDVEY4BpvsWe4WZ9vrcORl lNJsGu0Bw9quiHmy35KdOJm1JH4qKexAkT-G00AAGRwXmuLO9WMBgg24MClUB7EpmFjDM_UTr4x9obTvh_tOiiSCDm t SG2zMpzyvlhHpR833_iTUfoX2yC48bQCdhJIOyNMngKA==

http://www.centersharenew.com/MbUIDW6cPUAzLghcXLhGLHLDCKvOlE1anfp9ihdscyKWmk9rXYzW_HXnwD2HdIjJ SfWBS4OPeSjfLImD_y0ckS7FQ7dkqKgcQ6zld2pYAjKwUJy9M4b3ipWDasfOuQnqA3n Sg_mm_ZWAd2IGSRoNS5Q39iDcRIjTlmkkhmTGRmr3Z5cVd8MNxEt7Snn3MhQVy9IP_N-G00AAGRwXmuL22GHZMAGHLgUSgPanWkbyBtDXzjt 9GuQalLdHyvyRNuz6Q r_w p0dFe0sGTap7C 3QLvHnoJNxisU4CqdwEg==

Remove outlast.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.