setup.exe

Best app

This is the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application setup.exe by Best app has been detected as adware by 23 anti-malware scanners. The program is a setup application built on the OutBrowse Revenyou installer: it installs potentially unwanted software on your PC alongside the software you are trying to install, without adequate consent. The file has been seen being downloaded from 7769domain.com.
Publisher:
Best app  (signed and verified)

MD5:
3a4f6e66670027da60ae4c266c916ca9

SHA-1:
c599e754644b6781fb5da1d0ec939bca16561f02

SHA-256:
22cf54b9ea7aa355bf99fd6f3190ff7f53ecdad6500388eca396e4a89d8b52b2

Scanner detections:
23 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/25/2024 4:24:52 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | MemScan:Application.Bundler.Outbrowse.AN | 5566587 |
| Agnitum Outpost | PUA.OutBrowse | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.05.28 |
| Avira AntiVirus | PUA/Outbrowse.Gen | 8.3.1.6 |
| avast! | OutBrowse-FE [PUP] | 150525-2 |
| AVG | Generic | 2016.0.3096 |
| Bitdefender | MemScan:Application.Bundler.Outbrowse.AN | 1.0.20.740 |
| Comodo Security | Application.Win32.OutBrowse.MQPC | 22250 |
| Dr.Web | Trojan.OutBrowse.58 | 9.0.1.05190 |
| Emsisoft Anti-Malware | MemScan:Application.Bundler.Outbrowse.AN | 10.0.0.5366 |
| ESET NOD32 | Win32/OutBrowse.BQ potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/OutBrowse | 5/28/2015 |
| F-Secure | Riskware.MemScan:Application.Bundler.Outbrowse | 5.14.151 |
| G Data | MemScan:Application.Bundler.Outbrowse.AN | 15.5.25 |
| K7 AntiVirus | Trojan | 13.204.16051 |
| Malwarebytes | PUP.Optional.OutBrowse | v2015.05.28.04 |
| McAfee | Program.Adware-OutBrowse.e | 18.0.204.0 |
| MicroWorld eScan | MemScan:Application.Bundler.Outbrowse.AN | 16.0.0.444 |
| NANO AntiVirus | Trojan.Win32.OutBrowse.dlwssj | 0.30.24.1636 |
| Quick Heal | Adware.NSIS.OutBrowse.A | 5.15.14.00 |
| Reason Heuristics | PUP.Outbrowse.Bundler | 15.5.27.21 |
| Vba32 AntiVirus | Downloader.OutBrowse | 3.12.26.4 |
| VIPRE Antivirus | Threat.4657539 | 40552 |

File size:
580.9 KB (594,832 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
12/16/2014 4:00:00 PM

Valid to:
12/17/2015 3:59:59 PM

Subject:
CN=Best app, O=Best app, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
30BCCA0188EBA5E04F507F7E5C0B999C

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:wXXQSvVQx9lHXzZF+pV87GhuiClOoBbnE8gIAzt+N0D:wXXQSvex9ZXzn+p4iClOCbzQt+Y

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.9742

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file setup.exe has been seen being distributed by the following URL.
