spyhunter 4.6.1.3664.exe

Salyutem Plyus LLC

This is the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application spyhunter 4.6.1.3664.exe by Salyutem Plyus has been detected as adware by 11 anti-malware scanners. The program is a setup application whose setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities and other PUPs.
Publisher:
Salyutem Plyus LLC  (signed and verified)

MD5:
c484beeaa34c2b4ba8bcade13a006c56

SHA-1:
1797a94e9fdef0f755a0bd360c4772f518979094

SHA-256:
64f1f77883a95936abb517a56747a0dc594198047f0c6514974c95596413da40

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
12/24/2024 7:02:00 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.01.04 |
| Avira AntiVirus | APPL/Downloader.Gen | 7.11.199.92 |
| AVG | Generic | 2016.0.3240 |
| Dr.Web | Trojan.OutBrowse.55 | 9.0.1.05190 |
| ESET NOD32 | Win32/OutBrowse.BQ potentially unwanted application | 7.0.302.0 |
| Kaspersky | not-a-virus:Downloader.NSIS.OutBrowse | 15.0.0.543 |
| Malwarebytes | PUP.Optional.OutBrowse | v2015.01.03.08 |
| McAfee | Adware-OutBrowse.d | 5600.6896 |
| Reason Heuristics | PUP.SalyutemPlyus.R | 15.1.4.13 |
| Trend Micro House Call | Suspici.202D3B0F | 7.2.3 |
| VIPRE Antivirus | Threat.4657539 | 36340 |

File size:
581.2 KB (595,104 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Digital Signature
Authority:
thawte, Inc.

Valid from:
12/15/2014 1:00:00 AM

Valid to:
12/16/2015 12:59:59 AM

Subject:
CN=Salyutem Plyus LLC, O=Salyutem Plyus LLC, L=Kharkiv, S=Arkansas, C=UA

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
6B6BB9E1A48F64F47503D8DCF6A5D0D3

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:QnOG4op5viQukS14RWTxiBi4FtD2PSGTl+S6aF1NSHew321N04:QnOrop5U14RvfQx+S6aF3AewGv

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file spyhunter 4.6.1.3664.exe has been seen being distributed by the following 2 URLs.
