Setup.exe

otOpIa Soft

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The file Setup.exe by otOpIa Soft has been detected as adware by 9 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. According to AVG, this software downloads additional adware offers during setup. This downloadble file is typically blocked through Google's Safe Browsing technology in Chrome web browser.
Publisher:
IHBFQ  (signed by otOpIa Soft)

Product:
IHBFQ

Version:
6575.15527.839.6352

MD5:
7b63a5cdff8377fc1196bf37115ab45f

SHA-1:
99b96e2fd696db38a6e42b88414f1be92e48bd99

SHA-256:
c6fdb742e69733296e5e00b924890742356d9f8cb27cd5ee2dee2f46bf582c54

Scanner detections:
9 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
12/25/2024 6:33:37 PM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.OutBrowse
2015.06.01

avast!
Malware-gen
150525-2

AVG
Downloader
2016.0.3092

Dr.Web
infected with Trojan.OutBrowse.705
9.0.1.05190

ESET NOD32
Win32/OutBrowse.CE potentially unwanted application
7.0.302.0

Fortinet FortiGate
Riskware/OutBrowse
5/31/2015

K7 AntiVirus
Unwanted-Program
13.204.16089

Reason Heuristics
PUP.Outbrowse.Bundler
15.5.31.16

SUPERAntiSpyware
Adware.OutBrowse/Variant
9841

File size:
743.8 KB (761,672 bytes)

Product version:
6575.15527.839.6352

Copyright:
IHBFQ

Trademarks:
IHBFQ

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
5/25/2015 8:00:00 PM

Valid to:
12/17/2015 6:59:59 PM

Subject:
CN=otOpIa Soft, O=otOpIa Soft, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
1BE027B843E848104AAC09658A6D1CA0

File PE Metadata
Compilation timestamp:
12/5/2009 5:52:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:pZbOR6swLtbNt8c4sjd2FIY0kzITl0wDVkYwZv2PBUGV0u9p1457qURmB7gfc8vk:pZ+Abpjd2B0ewVJjVX9v45ugI186B

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9778

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

Remove Setup.exe - Powered by Reason Core Security