vroot.exe

File

clIcK TruSt OpT

vroot.exe, published by clIcK TruSt OpT, is a setup application built on the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted. It installs potentially unwanted software on your PC alongside the software you are trying to install, without adequate consent. 19 anti-malware scanners detect the file as adware. The file has been seen being downloaded from get.0123b.info.
Publisher:
clIcK TruSt OpT  (signed and verified)

Product:
File

Version:
1.9.3.0

MD5:
62cf6957cc6295546ec80b8382acab12

SHA-1:
bfb323d5094435fdc898328d15a4bcb1bce05551

SHA-256:
d662b9c5b502223067a3969baa3753941387caa29eedb4aaf2c1ba506e3f569d

Scanner detections:
19 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/5/2024 11:36:14 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Bundler.Outbrowse.BA | 5753272 |
| Agnitum Outpost | Trojan.OutBrowse | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.04.30 |
| avast! | Malware-gen | 150319-1 |
| AVG | Adware Generic_s.EO | 2014.0.4311 |
| Bitdefender | Application.Bundler.Outbrowse.BA | 1.0.20.600 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Dr.Web | Trojan.OutBrowse.188 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Application.Bundler.Outbrowse.BA | 9.0.0.4799 |
| ESET NOD32 | Win32/OutBrowse.BU potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/OutBrowse | 4/30/2015 |
| G Data | Application.Bundler.Outbrowse.BA | 15.4.25 |
| McAfee | Adware-OutBrowse.e | 5600.6779 |
| MicroWorld eScan | Application.Bundler.Outbrowse.BA | 16.0.0.360 |
| NANO AntiVirus | Trojan.Nsis.OutBrowse.dpzbjn | 0.30.24.1357 |
| Quick Heal | Adware.NSIS.OutBrowse.A | 4.15.14.00 |
| Reason Heuristics | Threat.Outbrowse.Bundler | 15.4.30.11 |
| Vba32 AntiVirus | Adware.Outbrowse | 3.12.26.3 |
| VIPRE Antivirus | Threat.5085447 | 39486 |

File size:
1.1 MB (1,141,200 bytes)

Product version:
1.9.3.0

Copyright:
File

Original file name:
Ionic.Zip-2015Mar25-131041-bbea8a4e-9b4a-4493-959a-14f098184efd.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou

Common path:
C:\users\{user}\downloads\vroot.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Subject:
CN=clIcK TruSt OpT, O=clIcK TruSt OpT, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
078E32599BB69DDEBBD539E01020FB2E

File PE Metadata
Compilation timestamp:
3/25/2015 9:10:41 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:xbSaE4mvt/q55C621ucBK+r48IpKtJPFg:xbSv4mvgC69caaPFg

Entry address:
0x75F3E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
464 KB (475,136 bytes)

The file vroot.exe has been seen being distributed by the following URL.
