setup.exe

File

Click TrUSt OPT

This is the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application setup.exe by Click TrUSt OPT has been detected as adware by 26 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from get1.0114design.info.
Publisher:
Click TrUSt OPT  (signed and verified)

Product:
File

Version:
1.9.3.0

MD5:
412517a4ec66414e28e97c3650979ae5

SHA-1:
8f093abe7f548abbe2e52d4724ffb012c0c94f18

SHA-256:
1fa98a1eeb7ce9a415d437ab2b3bef3a6f842ee219e332cde697d1fd320e72ad

Scanner detections:
26 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/26/2024 1:38:30 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Dropped:Adware.Generic.1227201 | 6059750 |
| Agnitum Outpost | PUA.OutBrowse | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.05.09 |
| avast! | PUP-gen [PUP] | 150414-0 |
| AVG | Potentially harmful program Downloader.FRN | 2014.0.4311 |
| Bitdefender | Dropped:Adware.Generic.1227201 | 1.0.20.640 |
| Dr.Web | Trojan.OutBrowse.414 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Dropped:Adware.Generic.1227201 | 9.0.0.4799 |
| ESET NOD32 | Win32/OutBrowse.BU potentially unwanted | 9.11597 |
| Fortinet FortiGate | Adware/OutBrowse | 5/8/2015 |
| F-Prot | W32/OutBrowse.N (exact, not disinfectable) | 4.6.5.141 |
| F-Secure | Adware.Generic.1227201 | 11.2015-08-05_6 |
| G Data | Dropped:Adware.Generic.1227201 | 15.5.25 |
| IKARUS anti.virus | PUA.OutBrowse | t3scan.1.8.9.0 |
| Malwarebytes | PUP.Optional.OutBrowse | v2015.05.08.06 |
| McAfee | Program.Adware-OutBrowse.e | 17.6.569.0 |
| MicroWorld eScan | Dropped:Adware.Generic.1227201 | 16.0.0.384 |
| NANO AntiVirus | Trojan.Win32.OutBrowse.dqucfx | 0.30.24.1357 |
| nProtect | Dropped:Adware.Generic.1227201 | 15.05.08.01 |
| Quick Heal | Adware.NSIS.OutBrowse.A | 5.15.14.00 |
| Reason Heuristics | Threat.Outbrowse.Bundler | 15.5.8.14 |
| Sophos | Generic PUA OE | 4.98 |
| SUPERAntiSpyware | Adware.OutBrowse/Variant | 9887 |
| Trend Micro House Call | TROJ_GE.33EED120 | 7.2.128 |
| Trend Micro | TROJ_GE.33EED120 | 10.465.08 |
| VIPRE Antivirus | Threat.5085447 | 39486 |

File size:
1.1 MB (1,101,448 bytes)

Product version:
1.9.3.0

Copyright:
File

Original file name:
Ionic.Zip-2015Apr18-134627-64acc32b-460a-48e6-9421-d115d62c43d0.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
4/16/2015 2:00:00 AM

Valid to:
1/28/2016 12:59:59 AM

Subject:
CN=Click TrUSt OPT, O=Click TrUSt OPT, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
52F4B1C640FFECA8F71651F46A27214A

File PE Metadata
Compilation timestamp:
4/18/2015 3:46:27 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:0Miy4IadS4ms5I6e66fEheKhAs62Se+fEsgasaI8qyemUQBSTgscmS8xGdXOZfvn:0bSaE4mvt/BHeGEwfI8qy7og1pekG1uK

Entry address:
0x75F3E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
464 KB (475,136 bytes)

The file setup.exe has been seen being distributed by the following URL.
