pesedit 2013 patch 8.1 update 2015 2016 legends edition.exe

safe InStAll OPT

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The application pesedit 2013 patch 8.1 update 2015 2016 legends edition.exe by safe InStAll OPT has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the OutBrowse Revenyou installer.
Publisher:
XSMMM  (signed by safe InStAll OPT)

Product:
XSMMM

Version:
9026.15910.1363.9927

MD5:
8243dcd6a7acc3d10d863c93b1b74adc

SHA-1:
423f48fb91eb6ec96c7e6e06ee674b3beac032d3

SHA-256:
5314bbad036053db0765b2401a0866a4edbb392ee5863e5bf93679dcf1535548

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/24/2024 2:15:34 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Outbrowse (M)
16.12.6.5

File size:
547.4 KB (560,576 bytes)

Product version:
9026.15910.1363.9927

Copyright:
XSMMM

Trademarks:
XSMMM

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\pesedit 2013 patch 8.1 update 2015 2016 legends edition.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
6/30/2015 7:00:00 AM

Valid to:
1/28/2016 6:59:59 AM

Subject:
CN=safe InStAll OPT, O=safe InStAll OPT, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
695B543CAB5F09BA48EDE742F7236A3F

File PE Metadata
Compilation timestamp:
12/6/2009 5:52:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:I4iDvTrnZxtcZIQEF80QvlZc3U7RDFmiZbu9ix:IPrZcmQESVvlZckNFPoI

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)