setup.exe

Give away SoFtware

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The application setup.exe by Give away SoFtware has been detected as adware by 6 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. According to AVG, this software downloads additional adware offers during setup.
Publisher:
DJJVU  (signed by Give away SoFtware)

Product:
DJJVU

Version:
5383.15531.1421.5097

MD5:
63a4fd605338b101f2a295b1e2f8a803

SHA-1:
7923aaadf35858beee16888334f33b8a1ee46882

SHA-256:
876386a545daf42dffac3eea62caa222d398b454ac1927f2d4a5bd11a43f582e

Scanner detections:
6 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/27/2024 1:02:23 AM UTC  (today)

Scan engine
Detection
Engine version

AVG
Potentially harmful program Downloader.HJE
2014.0.4311

ESET NOD32
Win32/OutBrowse.CE potentially unwanted application
7.0.302.0

Fortinet FortiGate
Riskware/OutBrowse
5/31/2015

K7 AntiVirus
Unwanted-Program
13.204.16089

McAfee
Artemis!A8C2389D7ED7
5600.6749

Reason Heuristics
PUP.Outbrowse.Bundler
15.5.31.9

File size:
744.3 KB (762,136 bytes)

Product version:
5383.15531.1421.5097

Copyright:
DJJVU

Trademarks:
DJJVU

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
5/28/2015 3:00:00 AM

Valid to:
1/28/2016 2:59:59 AM

Subject:
CN=Give away SoFtware, O=Give away SoFtware, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
42465625194473836755592527927673

File PE Metadata
Compilation timestamp:
12/6/2009 1:52:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:5Bly95D+qSGDBHNLVRsos56CQITnrI5QhleG6OqinhU/IRgAQFV+1il2fc8vy4hR:5q9NS+1NLDjCQIDruQh8G6OJhUYuDN8J

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9839

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

Remove setup.exe - Powered by Reason Core Security