Setup.exe

Setup

CONFIRMed app nln

This is the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The file Setup.exe by CONFIRMed app nln has been detected as adware by 19 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions and PC utilities, as well as other PUPs. This downloadable file is typically blocked by Google's Safe Browsing technology in the Chrome web browser.
Publisher:
CONFIRMed app nln  (signed and verified)

Product:
Setup

Version:
1.9.3.0

MD5:
d67a2ac3bf812e0b3de3301e59e5779b

SHA-1:
06325189644ecd2599c21ef9003998580f411a31

SHA-256:
568ad63807144d716f7a517122367dd15a2c61c09eb86e7f2b8ed98d929d64df

Scanner detections:
19 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/27/2024 8:52:31 PM UTC  (today)

Scan engine | Detection | Engine version
Agnitum Outpost | PUA.OutBrowse | 7.1.1
avast! | OutBrowse-II [PUP] | 150319-1
AVG | AdPlugin | 2016.0.3155
Dr.Web | infected with Trojan.OutBrowse.125 | 9.0.1.05190
ESET NOD32 | Win32/OutBrowse.BU potentially unwanted application | 7.0.302.0
Fortinet FortiGate | Adware/OutBrowse | 3/30/2015
F-Prot | W32/OutBrowse.O (exact, not disinfectable) | 4.6.5.141
G Data | NSIS.Application.OutBrowse.AC | 15.3.25
IKARUS anti.virus | PUA.OutBrowse | t3scan.1.8.9.0
Kaspersky | not-a-virus:AdWare.Win32.OutBrowse | 15.0.0.543
Malwarebytes | PUP.Optional.OutBrowse | v2015.03.30.05
McAfee | Program.Adware-OutBrowse.e | 16.8.708.2
NANO AntiVirus | Trojan.Win32.Generic.dorbni | 0.30.8.659
Quick Heal | Adware.NSIS.OutBrowse.A | 3.15.14.00
Reason Heuristics | PUP.Bundler.Outbrowse | 15.3.30.5
Sophos | OutBrowse Revenyou | 4.98
SUPERAntiSpyware | Adware.OutBrowse/Variant | 9967
Trend Micro House Call | TROJ_GE.48B790EA | 7.2.89
Vba32 AntiVirus | AdWare.OutBrowse | 3.12.26.3

File size:
1.1 MB (1,146,752 bytes)

Product version:
1.9.3.0

Copyright:
Setup

Original file name:
Ionic.Zip-2015Mar05-005608-b23e43c6-1fae-40a2-a1d3-b78389de555a.exe

Bundler/Installer:
OutBrowse Revenyou

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
3/3/2015 12:00:00 AM

Valid to:
1/27/2016 11:59:59 PM

Subject:
CN=CONFIRMed app nln, O=CONFIRMed app nln, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
196C564FD7E1791DDBD704065A22AF92

File PE Metadata
Compilation timestamp:
3/5/2015 12:56:08 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:nbSaE4mvt/vpCd/zXJYV1FUFD8+i+HrBsn5Pk9wBlhX:nbSv4mvZMqV1em+iIwn/J

Entry address:
0x75F3E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.5749

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
464 KB (475,136 bytes)
