videoplayer-setup.exe

File

ConfirmEd app NlN

This is the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application videoplayer-setup.exe by ConfirmEd app NlN has been detected as adware by 25 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from get.point0102.info.
Publisher:
ConfirmEd app NlN  (signed and verified)

Product:
File

Version:
1.9.3.0

MD5:
3897c5aa0e3708e038f3ec22d13ee51c

SHA-1:
c423a2c2c7b4b384c8c538d34ff2bd539889f78c

SHA-256:
ac08cb8c78f1cacd940994fa37d26398ca3323b7ad11618fc4f303ccb9a36e1f

Scanner detections:
25 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/27/2024 6:53:33 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Dropped:Adware.Outbrowse.E | 5651644 |
| Agnitum Outpost | PUA.OutBrowse | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.04.20 |
| Avira AntiVirus | PUA/Outbrowse.Gen | 3.6.1.96 |
| avast! | PUP-gen [PUP] | 150414-0 |
| AVG | Downloader | 2016.0.3134 |
| Bitdefender | Dropped:Adware.Outbrowse.E | 1.0.20.545 |
| Dr.Web | infected with Trojan.OutBrowse.296 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Dropped:Adware.Outbrowse | 9.0.0.4799 |
| ESET NOD32 | Win32/OutBrowse.BU potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/OutBrowse | 4/19/2015 |
| F-Secure | Dropped:Adware.Outbrowse.E | 11.2015-19-04_1 |
| G Data | Dropped:Adware.Outbrowse | 15.4.25 |
| Malwarebytes | PUP.Optional.OutBrowse | v2015.04.19.08 |
| McAfee | Program.Adware-OutBrowse.e | 16.8.708.2 |
| MicroWorld eScan | Dropped:Adware.Outbrowse.E | 16.0.0.327 |
| NANO AntiVirus | Trojan.Win32.OutBrowse.dqewlt | 0.30.16.1110 |
| nProtect | Dropped:Adware.Outbrowse.E | 15.04.17.01 |
| Qihoo 360 Security | HEUR/QVM30.1.Malware.Gen | 1.0.0.1015 |
| Quick Heal | Adware.NSIS.OutBrowse.A | 4.15.14.00 |
| Reason Heuristics | Threat.Outbrowse.Bundler | 15.4.19.16 |
| Sophos | Generic PUA AK | 4.98 |
| Trend Micro House Call | TROJ_GE.79D37C4F | 7.2.109 |
| Vba32 AntiVirus | Adware.Outbrowse | 3.12.26.3 |
| VIPRE Antivirus | Threat.5085447 | 39354 |

File size:
1 MB (1,100,576 bytes)

Product version:
1.9.3.0

Copyright:
File

Original file name:
Ionic.Zip-2015Apr11-013302-f80fb32a-1ab6-41ed-ab37-a80289bfa3ae.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou

Common path:
C:\users\{user}\downloads\videoplayer-setup.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
4/8/2015 2:00:00 AM

Valid to:
1/28/2016 12:59:59 AM

Subject:
CN=ConfirmEd app NlN, O=ConfirmEd app NlN, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
371B475FBA1FCEE5E533DC969A78DBE1

File PE Metadata
Compilation timestamp:
4/11/2015 3:33:02 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:ubSaE4mvt/kGIgYNyOMOwPHKKPiJ3PVRVq3Iv:ubSv4mve1NHwv6lRq3u

Entry address:
0x75F3E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
464 KB (475,136 bytes)

The file videoplayer-setup.exe has been seen being distributed by the following URL.
