Setup.exe

Safe Click Lol

This is the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The file Setup.exe by Safe Click Lol has been detected as adware by 20 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. According to AVG, this software downloads additional adware offers during setup. This downloadable file is typically blocked by Google's Safe Browsing technology in the Chrome web browser.
Publisher:
Safe Click Lol  (signed and verified)

MD5:
5fe0091a028ac762e2fef42783674e6f

SHA-1:
6b8a44ed6d1c4721b55e78dca74e2775f2c3caa8

SHA-256:
ebe3af943674d0350911f88cc9f9f4877b5bf3924fe521b7378a418c7955ca4b

Scanner detections:
20 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/24/2024 4:43:10 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.Outbrowse.1 | 6502278 |
| Agnitum Outpost | PUA.OutBrowse | 7.1.1 |
| Avira AntiVirus | ADWARE/Adware.Gen7 | 7.11.217.16 |
| avast! | OutBrowse-HF [PUP] | 150101-1 |
| AVG | Potentially harmful program Downloader.DJN | 2014.0.4257 |
| Bitdefender | Gen:Variant.Application.Bundler.Outbrowse.1 | 1.0.20.360 |
| Dr.Web | infected with Trojan.OutBrowse.92 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Application.Bundler.Outbrowse | 9.0.0.4799 |
| ESET NOD32 | Win32/OutBrowse.BU potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/OutBrowse | 3/13/2015 |
| F-Secure | Gen:Variant.Adware.Zusy | 5.13.68 |
| G Data | Gen:Variant.Application.Bundler.Outbrowse | 15.3.25 |
| K7 AntiVirus | Unwanted-Program | 13.200.15259 |
| McAfee | Program.Adware-OutBrowse.e | 16.8.708.2 |
| MicroWorld eScan | Gen:Variant.Application.Bundler.Outbrowse.1 | 16.0.0.216 |
| NANO AntiVirus | Trojan.Win32.OutBrowse.dnpjkd | 0.30.0.296 |
| Reason Heuristics | PUP.Bundler.Outbrowse | 15.3.13.16 |
| Trend Micro House Call | Suspici.CA60B70D | 7.2.72 |
| Vba32 AntiVirus | AdWare.OutBrowse | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 38050 |

File size:
599.2 KB (613,600 bytes)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
2/4/2015 6:00:00 PM

Valid to:
1/27/2016 5:59:59 PM

Subject:
CN=Safe Click Lol, O=Safe Click Lol, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
0113B280254155278C27A31712365932

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:Hm/Tu20N+tS3rL2f4iSYhtPt7d/OS0U22OtJlZeI1ehZOO:HmRqIXDpr+3jlAI

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9458

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
