uh hack v1.1.7.exe

Yes Apps

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The application uh hack v1.1.7.exe by Yes Apps has been detected as adware by 8 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from get.file20desktop.com.
Publisher:
Yes Apps  (signed and verified)

MD5:
33f8840f602ef766ac4b23a5e5f52e68

SHA-1:
55924787fdf02541a90806f293fa91cbc6c4ecf5

SHA-256:
c26508048754ad3d74465cd6d8efb5dbf2c1ef67c59080fb5a5bfb0e7d4f0b7a

Scanner detections:
8 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
12/24/2024 5:02:19 PM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.OutBrowse
2014.12.24

Avira AntiVirus
APPL/Outbrowse.Gen
7.11.197.154

AVG
Potentially harmful program Downloader.CVJ
2014.0.4235

ESET NOD32
Win32/OutBrowse.BN potentially unwanted application
7.0.302.0

K7 AntiVirus
Trojan
13.188.14426

Malwarebytes
PUP.Optional.OutBrowse
v2014.12.23.05

Reason Heuristics
PUP.YesApps.M
14.12.23.16

Trend Micro House Call
Suspici.D7386B62
7.2.357

File size:
583.3 KB (597,280 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\uh hack v1.1.7.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
12/16/2014 6:00:00 PM

Valid to:
12/17/2015 5:59:59 PM

Subject:
CN=Yes Apps, O=Yes Apps, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
09183CB6D2B76F4BEF1BA013E2A2DBE1

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:7xsMg7HpTI6YxAmWDpBhKbVbSKzv+R+6da+YjcUyzRRJ1pJl866Fx:7CpJTPYx/axUVbnzw+6dz4LG7l8Z

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9739

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file uh hack v1.1.7.exe has been seen being distributed by the following URL.

Remove uh hack v1.1.7.exe - Powered by Reason Core Security