setup.exe

File

tRusted AppS ddd

This is the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application setup.exe by tRusted AppS ddd has been detected as adware by 28 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from get.0119b.info.
Publisher:
tRusted AppS ddd  (signed and verified)

Product:
File

Version:
1.9.3.0

MD5:
2add24809694c5cb4e0a521317815a5c

SHA-1:
e10d963fbf9427aa02b6ee3da5b842a84674d793

SHA-256:
9f54fea4f256a350826080f330a55b5c421c0046aed131a97bc6399397f983c4

Scanner detections:
28 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open-source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/25/2024 5:02:33 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Application.Bundler.Outbrowse.BE | 5687364
AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.06.07
Avira AntiVirus | PUA/Outbrowse.Gen | 8.3.1.6
Arcabit | Application.Bundler.Outbrowse.BE | 1.0.0.425
AVG | Potentially harmful program Downloader.GCA | 2014.0.4311
Bitdefender | Application.Bundler.Outbrowse.BE | 1.0.20.785
Bkav FE | W32.HfsAdware | 1.3.0.6379
Dr.Web | Trojan.OutBrowse.544 | 9.0.1.05190
Emsisoft Anti-Malware | Application.Bundler.Outbrowse.BE | 10.0.0.5366
ESET NOD32 | Win32/OutBrowse.BU potentially unwanted application | 7.0.302.0
Fortinet FortiGate | Riskware/OutBrowse | 6/6/2015
F-Secure | Riskware.Application.Bundler.Outbrowse | 5.14.151
G Data | Application.Bundler.Outbrowse.BE | 15.6.25
K7 AntiVirus | Unwanted-Program | 13.204.16151
Malwarebytes | PUP.Optional.OutBrowse | v2015.06.06.11
McAfee | Adware-OutBrowse.g | 5600.6742
MicroWorld eScan | Application.Bundler.Outbrowse.BE | 16.0.0.471
NANO AntiVirus | Trojan.Win32.OutBrowse.dqewmc | 0.30.24.1636
Norman | Application.Bundler.Outbrowse.BE | 02.06.2015 14:23:46
Qihoo 360 Security | HEUR/QVM30.1.Malware.Gen | 1.0.0.1015
Quick Heal | PUA.OutBrowse.A | 6.15.14.00
Reason Heuristics | PUP.Outbrowse.Bundler | 15.6.6.23
Sophos | Mal/Generic-S | 4.98
SUPERAntiSpyware | Adware.OutBrowse/Variant | 9829
Trend Micro House Call | TROJ_GE.ED9C4F74 | 7.2.157
Trend Micro | TROJ_GE.ED9C4F74 | 10.465.06
Vba32 AntiVirus | AdWare.OutBrowse | 3.12.26.4
VIPRE Antivirus | Threat.4150696 | 40830

File size:
1.1 MB (1,101,968 bytes)

Product version:
1.9.3.0

Copyright:
File

Original file name:
Ionic.Zip-2015May01-192803-5d09a552-eff0-443f-860c-fcfc162ab50f.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
4/30/2015 3:00:00 AM

Valid to:
1/28/2016 1:59:59 AM

Subject:
CN=tRusted AppS ddd, O=tRusted AppS ddd, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
375A93F9805D5B8760A53A325988FC9C

File PE Metadata
Compilation timestamp:
5/1/2015 10:28:03 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:OMiy4IadS4ms5I6e66fEheKhTsuaWYFoKZvKpaRHbEF/urKJvQ7fcOYVq96Q5T0t:ObSaE4mvt/m9fY3cAqml7MY0537

Entry address:
0x75F3E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.5490

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
464 KB (475,136 bytes)

The file setup.exe has been seen being distributed by the following URL.

Remove setup.exe - Powered by Reason Core Security