rc69.exe

Safe Software Sll

Part of the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application rc69.exe by Safe Software Sll has been detected as adware by 11 anti-malware scanners. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities, and other PUPs. It is also typically executed from the user's temporary directory.
Publisher:
Safe Software Sll (signed and verified)

Version:
2015.24.859.9

MD5:
19f8d3ef5e95b872e6bdcc48ad2e125d

SHA-1:
dcb2aed52e02f96ce4f7c98eafd3d55086e65481

SHA-256:
13012bcb9cdc306b67a5cb33559566f52197e6a5b882ab24e75e70127e951698

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/5/2024 8:01:26 PM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.02.06
AVG | Generic | 2016.0.3195
Baidu Antivirus | PUA.Win32.OutBrowse | 4.0.3.1525
Bkav FE | W32.HfsAdware | 1.3.0.6379
Dr.Web | Trojan.OutBrowse.92 | 9.0.1.048
ESET NOD32 | Win32/OutBrowse.BA potentially unwanted application | 7.0.302.0
G Data | Win32.Application.Agent.2NF35Z | 15.2.25
K7 AntiVirus | Unwanted-Program | 13.193.14895
Reason Heuristics | PUP.Outbrowse | 15.2.18.17
Sophos | OutBrowse Revenyou | 4.98
VIPRE Antivirus | OutBrowse | 37340

File size:
808.7 KB (828,104 bytes)

Product version:
2015.24.859.9

Copyright:
Copyright (C) 2015

Original file name:
2015248599.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\rc69.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
2/5/2015 3:00:00 AM

Valid to:
1/28/2016 2:59:59 AM

Subject:
CN=Safe Software Sll, O=Safe Software Sll, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
5D86B00EE6C53705927FED8F867F6A6E

File PE Metadata
Compilation timestamp:
2/4/2015 12:02:55 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:g0XfGxTZyTFB0EzGrfn/LJUfXQD/ewwy/MtiQRb8+/1:g0XfGx1yTFLGbLJEQD/15MtT8+/1

Entry address:
0x8159B

Entry point:
E8, FA, A9, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 28, D8, 49, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 68, D0, 49, 00, C9, C2, 08, 00, B8, DF, CA, 48, 00, A3, 78, AF, 4B, 00, C7, 05, 7C, AF, 4B, 00, D5, C1, 48, 00, C7, 05, 80, AF, 4B, 00, 89, C1, 48, 00, C7, 05, 84, AF, 4B, 00, C2, C1, 48, 00, C7, 05...
 

Entropy:
6.6214

Code size:
622 KB (636,928 bytes)
