unconfirmed 373347.torchdownload

Yes Apps

This is the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The file unconfirmed 373347.torchdownload by Yes Apps has been detected as adware by 23 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. According to AVG, this software downloads additional adware offers during setup.
Publisher:
Yes Apps  (signed and verified)

MD5:
107247046478aa7b7569d03221f32faf

SHA-1:
8577d489dc96fb269aba51ea4b9198d0ea152f2d

SHA-256:
9d80b9b309f08beb79f3f39d0cad7ffcd0fc365df4a7ed4f88e80fac671f6b5d

Scanner detections:
23 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/27/2024 6:54:09 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Dropped:Trojan.GenericKD.2015134 | 600 |
| Agnitum Outpost | PUA.OutBrowse | 7.1.1 |
| Avira AntiVirus | APPL/Downloader.Gen | 7.11.194.128 |
| AVG | Downloader | 2016.0.3078 |
| Baidu Antivirus | PUA.Win32.OutBrowse | 4.0.3.15615 |
| Bitdefender | Dropped:Trojan.GenericKD.2015134 | 1.0.20.830 |
| Emsisoft Anti-Malware | Dropped:Trojan.GenericKD.2015134 | 8.15.06.15.07 |
| ESET NOD32 | Win32/OutBrowse.BK | 9.10862 |
| Fortinet FortiGate | Riskware/OutBrowse | 6/15/2015 |
| F-Secure | Dropped:Trojan.GenericKD.2015134 | 11.2015-15-06_2 |
| G Data | Dropped:Trojan.GenericKD.2015134 | 15.6.24 |
| K7 AntiVirus | Unwanted-Program | 13.186.14309 |
| Malwarebytes | PUP.Optional.OutBrowse | v2015.06.15.07 |
| McAfee | Artemis!107247046478 | 5600.6734 |
| MicroWorld eScan | Dropped:Trojan.GenericKD.2015134 | 16.0.0.498 |
| NANO AntiVirus | Trojan.Win32.OutBrowse.djpwim | 0.28.6.63850 |
| nProtect | Dropped:Trojan.GenericKD.2015134 | 14.12.11.01 |
| Panda Antivirus | Trj/CI.A | 15.06.15.07 |
| Qihoo 360 Security | HEUR/QVM42.0.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Outbrowse.Bundler | 15.6.15.7 |
| Sophos | Generic PUA EB | 4.98 |
| Trend Micro House Call | Suspici.9564FD6F | 7.2.166 |
| VIPRE Antivirus | Trojan.Win32.Generic | 35632 |

File size:
559.5 KB (572,904 bytes)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\unconfirmed 373347.torchdownload

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
11/19/2014 1:31:49 AM

Valid to:
11/20/2015 1:31:49 AM

Subject:
CN=Yes Apps, O=Yes Apps, L=Dublin, C=IE

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112172AA41CC838C994475C56326A04F3761

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:kCo48od8X2d5/I4yCFVU15PNE3TZtFBFVzlzEBdZ6RdRkk+GT:k+ryX2d2sFgNoxRlzELaxz

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9677

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
