setup.exe

File

beSt Install tLL

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The application setup.exe by beSt Install tLL has been detected as adware by 21 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from get.0107design.info.
Publisher:
beSt Install tLL  (signed and verified)

Product:
File

Version:
1.9.3.0

MD5:
0ef6b75643d511d8ce4247508cdc75d5

SHA-1:
762260a21dc8996ef4111eb8c21ed6ca0f1b97f3

SHA-256:
d8ac032870063b2643c23407d1c3ba5ea8818a0d26d8ac35087cab6344f23c78

Scanner detections:
21 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/24/2024 4:31:46 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Bundler.Outbrowse.BA
5738457

Agnitum Outpost
PUA.OutBrowse
7.1.1

AhnLab V3 Security
PUP/Win32.OutBrowse
2015.05.02

AVG
Downloader
2016.0.3122

Bitdefender
Application.Bundler.Outbrowse.BA
1.0.20.610

Dr.Web
Trojan.OutBrowse.487
9.0.1.05190

Emsisoft Anti-Malware
Application.Bundler.Outbrowse.BA
9.0.0.4799

ESET NOD32
Win32/OutBrowse.BU potentially unwanted application
7.0.302.0

Fortinet FortiGate
Riskware/OutBrowse
5/2/2015

F-Secure
Application.Bundler.Outbrowse
11.2015-02-05_7

G Data
Application.Bundler.Outbrowse.BA
15.5.25

McAfee
Program.Adware-OutBrowse.e
16.8.708.2

MicroWorld eScan
Application.Bundler.Outbrowse.BA
16.0.0.366

NANO AntiVirus
Trojan.Win32.OutBrowse.dpuzhb
0.30.24.1357

Qihoo 360 Security
HEUR/QVM30.1.Malware.Gen
1.0.0.1015

Quick Heal
Adware.NSIS.OutBrowse.A
5.15.14.00

Reason Heuristics
Threat.Outbrowse.Bundler
15.5.1.22

Sophos
Generic PUA EB
4.98

SUPERAntiSpyware
Adware.OutBrowse/Variant
9901

Trend Micro House Call
Suspici.FCDBA93D
7.2.122

VIPRE Antivirus
Threat.5085447
39676

File size:
1 MB (1,100,064 bytes)

Product version:
1.9.3.0

Copyright:
File

Original file name:
Ionic.Zip-2015Apr29-064818-adcdd421-0a62-4c68-88e9-3e70a081b8d4.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
4/25/2015 7:00:00 PM

Valid to:
1/27/2016 5:59:59 PM

Subject:
CN=beSt Install tLL, O=beSt Install tLL, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
2B82BB33ADE637392661D10D6E6A48C6

File PE Metadata
Compilation timestamp:
4/29/2015 1:48:19 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:9bSaE4mvt/s5jZDMLMZUJjwmbCPnsMwK1mVdL5W:9bSv4mvqdZDmMZUJUmywK1mV

Entry address:
0x75F3E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.5476

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
464 KB (475,136 bytes)

The file setup.exe has been seen being distributed by the following URL.

Remove setup.exe - Powered by Reason Core Security