outlookexpress-setup.exe

Tucows Inc.

The application outlookexpress-setup.exe by Tucows has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from files4.mirror1.info.
Publisher:
Tucows Inc.  (signed and verified)

MD5:
a93affbcf89ffce95ac29cb6f2a01bb5

SHA-1:
77d98ea68a6878c5572fca6274fb8e75a25933a4

SHA-256:
3b71235c12ba58b1fadeb3f8fd22008736db8d13aaac628946dda754b9eda350

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/27/2024 5:51:29 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.12.25.14

File size:
824.9 KB (844,696 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\outlookexpress-setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/21/2013 3:00:00 AM

Valid to:
8/21/2016 2:59:59 AM

Subject:
CN=Tucows Inc., O=Tucows Inc., STREET=96 Mowat Ave., L=Toronto, S=Ontario, PostalCode=M6K 3M1, C=CA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00C1CDCC8140C58C70CBED23B3152004F4

File PE Metadata
Compilation timestamp:
7/15/2014 7:29:31 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0x3345

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, B0, 73, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, C0, 70, 40, 00, 53, FF, 15, 88, 72, 40, 00, 6A, 08, A3, B8, 3C, 42, 00, E8, 2E, 25, 00, 00, 53, 68, 60, 01, 00, 00, A3, C0, 3B, 42, 00, 8D, 44, 24, 38, 50, 53, 68, 43, 74, 40, 00, FF, 15, 64, 71, 40, 00, 68, 38, 74, 40, 00, 68, C0, 33, 42, 00, E8, 1F, 24, 00, 00, FF, 15, BC, 70, 40, 00, 50, BF, 00, 90, 42, 00, 57, E8, 0D, 24, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file outlookexpress-setup.exe has been seen being distributed by the following URL.

http://files4.mirror1.info/download/.../dl?bc=694637&pid=tucows&brand=tucows.com&country=RO&cb=-317930998&osName=Windows&osVersion=8&browserName=IE&browserVersion=10&zTmp=1

Remove outlookexpress-setup.exe - Powered by Reason Core Security