unconfirmed 131570.torchdownload

BEst APP

This is the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The file unconfirmed 131570.torchdownload by BEst APP has been detected as adware by 27 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. According to AVG, this software downloads additional adware offers during setup.
Publisher:
BEst APP  (signed and verified)

MD5:
f76695df586e683511d946192193b125

SHA-1:
793105b275abb5b0d65e5e6ed4fe847b7e13834f

SHA-256:
bcf1df28c190c05056c507f8abed906b6f26151e3e955d746e910f094af9d562

Scanner detections:
27 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is an installer which may bundle legitimate applications with offers for additional third-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
11/5/2024 3:26:19 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.Outbrowse.1 | 6312761
Agnitum Outpost | PUA.OutBrowse | 7.1.1
AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.03.28
Avira AntiVirus | PUA/Outbrowse.Gen | 3.6.1.96
avast! | OutBrowse-DF [PUP] | 150320-0
AVG | Potentially harmful program Downloader | 2016.0.3157
Baidu Antivirus | PUA.Win32.OutBrowse | 4.0.3.15328
Bitdefender | Gen:Variant.Application.Bundler.Outbrowse.1 | 1.0.20.435
Comodo Security | Application.Win32.AltBrowse.HY | 20969
Dr.Web | Trojan.OutBrowse.88 | 9.0.1.087
Emsisoft Anti-Malware | Gen:Variant.Application.Bundler.Outbrowse | 9.0.0.4799
ESET NOD32 | Win32/OutBrowse.BU potentially unwanted application | 9.7.0.302.0
Fortinet FortiGate | Riskware/OutBrowse | 3/28/2015
F-Secure | Adware.Generic.579272 | 11.2015-28-03_7
G Data | Gen:Variant.Application.Bundler.Outbrowse | 15.3.25
K7 AntiVirus | DoS-Trojan | 13.193.14871
Kaspersky | not-a-virus:Downloader.NSIS.OutBrowse | 14.0.0.1796
Malwarebytes | PUP.Optional.OutBrowse.gen | v2015.03.28.04
McAfee | Program.Adware-OutBrowse.e | 16.8.708.2
MicroWorld eScan | Gen:Variant.Application.Bundler.Outbrowse.1 | 16.0.0.261
NANO AntiVirus | Trojan.Win32.OutBrowse.dnkyzt | 0.30.0.65070
Quick Heal | Adware.NSIS.OutBrowse.A | 3.15.14.00
Reason Heuristics | PUP.Bundler.Outbrowse | 15.3.28.4
Trend Micro House Call | TROJ_GEN.R04AH06B215 | 7.2.87
Vba32 AntiVirus | Downloader.OutBrowse | 3.12.26.3
VIPRE Antivirus | Threat.4823950 | 38552

File size:
582.4 KB (596,400 bytes)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\unconfirmed 131570.torchdownload

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
2/1/2015 11:00:00 AM

Valid to:
12/18/2015 10:59:59 AM

Subject:
CN=BEst APP, O=BEst APP, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
0E00C72544927098052AA7DF30906DCB

File PE Metadata
Compilation timestamp:
12/6/2009 9:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:fXLejdCrBnGbADnCojLTVQRLVhYUuGxqH3mb+8YTDjY/XrX:fXLkdCrBGGnpPpQB+gqXmdi2

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9704

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
