setup.exe

Verified Software SNB

This is the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application setup.exe by Verified Software SNB has been detected as adware by 12 anti-malware scanners. The program is a setup application whose setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities, and other PUPs.
Publisher:
Verified Software SNB  (signed and verified)

MD5:
d9d40fbe58fa170955cea90ba31934c0

SHA-1:
581ebe34ef7a1f68dd23d64b0ba3540d44273254

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/27/2024 2:54:54 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | PUA.OutBrowse | 7.1.1 |
| avast! | Malware-gen | 2014.9-150828 |
| ESET NOD32 | Win32/OutBrowse.BU potentially unwanted application | 9.7.0.302.0 |
| K7 AntiVirus | Trojan | 13.197.15043 |
| Kaspersky | not-a-virus:Downloader.NSIS.OutBrowse | 14.0.0.1515 |
| Malwarebytes | PUP.Optional.OutBrowse | v2015.08.28.12 |
| McAfee | Program.Adware-OutBrowse.e | 5600.6660 |
| NANO AntiVirus | Riskware.Win32.AirAdInstaller.doqpvr | 0.30.0.296 |
| Reason Heuristics | PUP.VerifiedSoftwareSNB.Installer (M) | 15.7.26.4 |
| Trend Micro House Call | TROJ_GE.AE188441 | 7.2.240 |
| VIPRE Antivirus | Threat.204214 | 36694 |

File size:
598.9 KB (613,272 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\documents and settings\ctc\bureau\setup.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
2/12/2015 1:00:00 AM

Valid to:
1/28/2016 12:59:59 AM

Subject:
CN=Verified Software SNB, O=Verified Software SNB, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
6CB1F281915C83420E5A5EF45A1BE6A0

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:yb8xCDchvU6pRxKz9noh4iN2PgWm+4b5eFcruZncjDCeh/:ybKCDuvU6pHh1Mm+HFcunc3Ceh

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
