setup.exe

Give away SoFtware

The application setup.exe by Give away SoFtware is a setup application that uses the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. It has been detected as adware by 6 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup.
Publisher:
OEXPI  (signed by Give away SoFtware)

Product:
OEXPI

Version:
2626.15531.1420.1185

MD5:
e7cdafbe36b9a14250bcb2efcab2c894

SHA-1:
d5a4c479609dde39ef2e47aeaf070077bf44f020

SHA-256:
1df6037c3771a87dba07ed3bb8df50717cc67576aeae8561c280d5512cfc1c98

Scanner detections:
6 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/27/2024 1:09:37 AM UTC

Scan engine          Detection                                              Engine version
AVG                  Potentially harmful program Downloader                 2016.0.2993
ESET NOD32           Win32/OutBrowse.CE potentially unwanted application    9.7.0.302.0
Fortinet FortiGate   Riskware/OutBrowse                                     9/7/2015
K7 AntiVirus         Unwanted-Program                                       13.204.16089
McAfee               Artemis!A8C2389D7ED7                                   5600.6649
Reason Heuristics    PUP.Outbrowse.GiveawaySoFtware.Bundler (M)             15.8.3.1

File size:
744.3 KB (762,128 bytes)

Product version:
2626.15531.1420.1185

Copyright:
OEXPI

Trademarks:
OEXPI

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
5/28/2015 10:00:00 AM

Valid to:
1/28/2016 10:59:59 AM

Subject:
CN=Give away SoFtware, O=Give away SoFtware, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
42465625194473836755592527927673

File PE Metadata
Compilation timestamp:
12/6/2009 9:52:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:Ehly95D+qSGDBHNLVRsos56CQITnrI5QhleG6OqinhU/IRgAQFV+1il2fc8vy4hN:EK9NS+1NLDjCQIDruQh8G6OJhUYuDN8F

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9839

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
