Setup.exe

safe click LOL

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The file Setup.exe by safe click LOL has been detected as adware by 10 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. According to AVG, this software downloads additional adware offers during setup. This downloadble file is typically blocked through Google's Safe Browsing technology in Chrome web browser.
Publisher:
safe click LOL  (signed and verified)

MD5:
ff836642141eb1931f21f144fe5ed857

SHA-1:
bdff356444c0d8c8ab2c75c0251a3048d8a33272

SHA-256:
6be9d89150f61ff2b387502676776c024e65d77878272a8406344f7bafef5975

Scanner detections:
10 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/25/2024 5:18:23 AM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.OutBrowse
2015.02.10

Avira AntiVirus
APPL/Downloader.Gen
7.11.209.28

AVG
Downloader
2016.0.3203

Comodo Security
Application.Win32.AltBrowse.HY
21015

ESET NOD32
Win32/OutBrowse.BU potentially unwanted application
7.0.302.0

Fortinet FortiGate
Riskware/OutBrowse
2/9/2015

K7 AntiVirus
Trojan
13.194.14904

Malwarebytes
PUP.Optional.OutBrowse
v2015.02.09.12

Reason Heuristics
PUP.Outbrowse
15.2.18.17

Trend Micro House Call
Suspici.B4D1CBB0
7.2.40

File size:
575 KB (588,848 bytes)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
2/2/2015 4:00:00 PM

Valid to:
1/27/2016 3:59:59 PM

Subject:
CN=safe click LOL, O=safe click LOL, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
4FDE5AD324E269DA8C09C2F4DC8B70AF

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:kwjzefB0QXBBbBfI8pRlD0XqQajf5M4/qydNz4ecdaE8hUy+jLL:kEzenXBBbBzLV0aR5MmJdNMeegyf

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9652

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

Remove Setup.exe - Powered by Reason Core Security