vroot.exe

File

clIcK TruSt OpT

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The application vroot.exe by clIcK TruSt OpT has been detected as adware by 19 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from get.0123b.info.
Publisher:
clIcK TruSt OpT  (signed and verified)

Product:
File

Version:
1.9.3.0

MD5:
62cf6957cc6295546ec80b8382acab12

SHA-1:
bfb323d5094435fdc898328d15a4bcb1bce05551

SHA-256:
d662b9c5b502223067a3969baa3753941387caa29eedb4aaf2c1ba506e3f569d

Scanner detections:
19 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/24/2024 5:09:09 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Bundler.Outbrowse.BA
5753272

Agnitum Outpost
Trojan.OutBrowse
7.1.1

AhnLab V3 Security
PUP/Win32.OutBrowse
2015.04.30

avast!
Malware-gen
150319-1

AVG
Adware Generic_s.EO
2014.0.4311

Bitdefender
Application.Bundler.Outbrowse.BA
1.0.20.600

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Trojan.OutBrowse.188
9.0.1.05190

Emsisoft Anti-Malware
Application.Bundler.Outbrowse.BA
9.0.0.4799

ESET NOD32
Win32/OutBrowse.BU potentially unwanted application
7.0.302.0

Fortinet FortiGate
Riskware/OutBrowse
4/30/2015

G Data
Application.Bundler.Outbrowse.BA
15.4.25

McAfee
Adware-OutBrowse.e
5600.6779

MicroWorld eScan
Application.Bundler.Outbrowse.BA
16.0.0.360

NANO AntiVirus
Trojan.Nsis.OutBrowse.dpzbjn
0.30.24.1357

Quick Heal
Adware.NSIS.OutBrowse.A
4.15.14.00

Reason Heuristics
Threat.Outbrowse.Bundler
15.4.30.11

Vba32 AntiVirus
Adware.Outbrowse
3.12.26.3

VIPRE Antivirus
Threat.5085447
39486

File size:
1.1 MB (1,141,200 bytes)

Product version:
1.9.3.0

Copyright:
File

Original file name:
Ionic.Zip-2015Mar25-131041-bbea8a4e-9b4a-4493-959a-14f098184efd.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou

Common path:
C:\users\{user}\downloads\vroot.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Subject:
CN=clIcK TruSt OpT, O=clIcK TruSt OpT, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
078E32599BB69DDEBBD539E01020FB2E

File PE Metadata
Compilation timestamp:
3/25/2015 9:10:41 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:xbSaE4mvt/q55C621ucBK+r48IpKtJPFg:xbSv4mvgC69caaPFg

Entry address:
0x75F3E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
464 KB (475,136 bytes)

The file vroot.exe has been seen being distributed by the following URL.

Remove vroot.exe - Powered by Reason Core Security