Setup.exe

MAXTEK LLC

Setup.exe by MAXTEK LLC is a setup application built on the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The file has been detected as adware by 7 anti-malware scanners. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, and PC utilities, as well as other PUPs. This downloadable file is typically blocked by Google's Safe Browsing technology in the Chrome web browser.
Publisher:
MAXTEK LLC  (signed and verified)

MD5:
8f7b42b206ca4f7f170b7ad4a93013c7

SHA-1:
3d91229bb938c0430eaa0d90efcf95e0269e8a62

SHA-256:
f3d9603d564a989cdf1e86c9446513618c8f2941851cd7ef63644f92fb984b1a

Scanner detections:
7 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/27/2024 11:26:02 PM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.01.02
Avira AntiVirus | APPL/Outbrowse.Gen | 7.11.198.230
ESET NOD32 | Win32/OutBrowse.BQ potentially unwanted application | 7.0.302.0
Malwarebytes | PUP.Optional.OutBrowse | v2015.01.01.05
McAfee | Adware-OutBrowse.d | 5600.6899
Reason Heuristics | PUP.Bundler.Outbrowse | 15.3.18.1
Trend Micro House Call | Suspici.202D3B0F | 7.2.1

File size:
581.1 KB (595,056 bytes)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
12/21/2014 6:00:00 PM

Valid to:
12/22/2015 5:59:59 PM

Subject:
CN=MAXTEK LLC, O=MAXTEK LLC, L=Kiev, S=Kiev, C=UA

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
058B5B9DB91E1063D1BF9AB3385D4B88

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:+WU7WDKnE9jWDrxgMB4fqj38Se1FkzlYDanAMWv5S69PLtxoG9N0w:+9CDYEdWXaMBf3de3ClYDaA7vkwxaG95

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9745

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
