ramrush.exe

OutBrowse

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The application ramrush.exe by OutBrowse has been detected as adware by 17 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs. The file has been seen being downloaded from cdn.file2desktop.com.
Publisher:
OutBrowse  (signed and verified)

MD5:
1af61aa8477a47831b048cf660625944

SHA-1:
6b8a95266dbd36dac7428ab91397d08eae529264

SHA-256:
391fd092a6609f6ac70c8d33a54c1cef0f7c30e0375c155e183510fc20e8f2b6

Scanner detections:
17 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/27/2024 4:59:21 AM UTC  (today)

Scan engine
Detection
Engine version

AVG
MalSign.OutBrowse
2014.0.3617

Comodo Security
Application.Win32.OutBrowse.~B
17491

Dr.Web
Adware.Downware.1664
9.0.1.0356

ESET NOD32
Win32/OutBrowse (variant)
7.9190

Fortinet FortiGate
Riskware/NSIS_OutBrowse
12/22/2013

herdProtect (fuzzy)
2013.12.25.23

K7 AntiVirus
Unwanted-Program
13.174.10623

Malwarebytes
PUP.Optional.Smart
v2013.12.22.12

McAfee
Artemis!C3015E208473
5600.7273

NANO AntiVirus
Trojan.Win32.OutBrowse.crkqqe
0.28.0.57029

Reason Heuristics
PUP.OutBrowse.H
14.8.7.20

Sophos
Generic PUA DH
4.96

Trend Micro House Call
TROJ_GEN.F47V1130
7.2.356

Vba32 AntiVirus
Downloader.OutBrowse
3.12.24.3

VIPRE Antivirus
OutBrowse
24706

ViRobot
Trojan.Win32.Agent.87672
2011.4.7.4223

XVirus List
Win32.Detected
2.8.7

File size:
614.2 KB (628,984 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\ramrush.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
10/24/2013 3:00:00 AM

Valid to:
10/25/2014 2:59:59 AM

Subject:
CN=OutBrowse, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=OutBrowse, L=Ramat Gan, S=Ramat Gan, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
56A6FE571611B68C9224798AD62913CA

File PE Metadata
Compilation timestamp:
12/6/2009 1:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:pV5cWN3aPbD3x6imu00ufz6HSkdxvN+RrA55N2uSgcbUe6Q8SAEe3nTJlD:pjrNKPbDVmH0uf+HSkHl+RsnNFSgcD6z

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9746

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file ramrush.exe has been seen being distributed by the following URL.

Remove ramrush.exe - Powered by Reason Core Security