home

Setup.exe

TRUStEd ApPs ddd

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The file Setup.exe by TRUStEd ApPs ddd has been detected as adware by 6 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. According to AVG, this software downloads additional adware offers during setup. This downloadble file is typically blocked through Google's Safe Browsing technology in Chrome web browser.
Publisher:
KNTPD  (signed by TRUStEd ApPs ddd)

Product:
KNTPD

Version:
2749.15525.1338.1103

MD5:
60ca63d0f433b15f0d163bc6ac36fce7

SHA-1:
b88b4ec6a26050cd68033d3ce079b96fd3e05af0

SHA-256:
24684e1ee50e6fa79ae86baaf3145ada0325f1c65fb5109e2bf8e007e9cfa06c

Scanner detections:
6 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/12/2025 10:30:04 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Bundler.Outbrowse.BI
5575208

AVG
Potentially harmful program Downloader.GYI
2014.0.4311

Dr.Web
Trojan.OutBrowse.697
9.0.1.05190

Emsisoft Anti-Malware
Application.Bundler.Outbrowse.BI
10.0.0.5366

ESET NOD32
Win32/OutBrowse.CB potentially unwanted application
7.0.302.0

Reason Heuristics
PUP.Outbrowse.Bundler
15.5.28.19

File size:
645.1 KB (660,624 bytes)

Product version:
2749.15525.1338.1103

Copyright:
KNTPD

Trademarks:
KNTPD

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:
TRUStEd ApPs ddd

Authority:
thawte, Inc.

Valid from:
5/17/2015 6:00:00 PM

Valid to:
1/27/2016 4:59:59 PM

Subject:
CN=TRUStEd ApPs ddd, O=TRUStEd ApPs ddd, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
7901BD185DAF48707414C0034DAD00F6

File PE Metadata
Compilation timestamp:
12/5/2009 3:52:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:ItXC8LXjIpCwSUbS81NAiq01t95mRYhhlfc8vy4h:Ity8L8pkUemNdq0B5Lhs86

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9673

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

Remove Setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.