vroot.sfx.exe

The application vroot.sfx.exe has been detected as a potentially unwanted program by 27 anti-malware scanners. It is a setup program used to install the application, and it installs potentially unwanted software on your PC alongside the software you are trying to install, without adequate consent. The file has been seen downloaded from odindownload.com.
MD5:
37fed0854b198927ba871427cdf2fe42

SHA-1:
49527f2d73925763bbc0fd3936bf919141e57fc5

SHA-256:
0e07b6ebfb6faad8a8f37c0652a2c8274d4a583bab7a871c3e68cf597d7f8b6c

Scanner detections:
27 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/6/2024 12:45:17 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Application.Bundler.Outbrowse.BE | 479 |
| Agnitum Outpost | PUA.OutBrowse | 7.1.1 |
| Avira AntiVirus | PUA/Outbrowse.Gen | 8.3.1.6 |
| Arcabit | Application.Bundler.Outbrowse.BE | 1.0.0.425 |
| avast! | Win32:PUP-gen [PUP] | 2014.9-151013 |
| AVG | MSIL8 | 2016.0.2957 |
| Baidu Antivirus | Adware.Win32.OutBrowse | 4.0.3.151013 |
| Bitdefender | Application.Bundler.Outbrowse.BE | 1.0.20.1430 |
| Bkav FE | W32.Clodc83.Trojan | 1.3.0.7062 |
| Dr.Web | Trojan.OutBrowse.275 | 9.0.1.0286 |
| ESET NOD32 | Win32/OutBrowse.BU potentially unwanted | 9.12108 |
| Fortinet FortiGate | Riskware/OutBrowse | 10/13/2015 |
| F-Secure | Gen:Variant.Application.Bundler | 11.2015-13-10_3 |
| G Data | Application.Bundler.Outbrowse.BE | 15.10.25 |
| Kaspersky | not-a-virus:HEUR:AdWare.NSIS.Generic | 14.0.0.1281 |
| McAfee | RDN/Generic.dx!dqp | 5600.6613 |
| MicroWorld eScan | Application.Bundler.Outbrowse.BE | 16.0.0.858 |
| NANO AntiVirus | Trojan.Win32.OutBrowse.dpynkl | 0.30.24.3079 |
| Panda Antivirus | Trj/CI.A | 15.10.13.07 |
| Qihoo 360 Security | HEUR/QVM30.1.Malware.Gen | 1.0.0.1015 |
| Quick Heal | Adware.NSIS.OutBrowse.A | 10.15.14.00 |
| Sophos | Generic PUA MI (PUA) | 4.98 |
| Trend Micro House Call | TROJ_GE.A4D1D045 | 7.2.286 |
| Trend Micro | TROJ_GE.A4D1D045 | 10.465.13 |
| Vba32 AntiVirus | Adware.Outbrowse | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Generic | 42970 |
| ViRobot | Trojan.Win32.S.Agent.951241[h] | 2014.3.20.0 |

File size:
928.9 KB (951,241 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\vroot.sfx.exe

File PE Metadata
Compilation timestamp:
6/9/2012 6:19:49 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:w2O/GlJli1HFhRW0gyhfxoIpNOfP/t+M7vYb0ac5+:/QLRW0gHIjaP/f8pc5+

Entry address:
0xAC87

Entry point:
E8, E3, FE, FF, FF, 33, C0, 50, 50, 50, 50, E8, 9F, 30, 00, 00, C3, 56, 57, 8B, 7C, 24, 0C, 8B, F1, 8B, CF, 89, 3E, E8, 8F, AB, FF, FF, 89, 46, 08, 89, 56, 0C, 8B, 87, 24, 0C, 00, 00, 89, 46, 10, 5F, 8B, C6, 5E, C2, 04, 00, 8B, C1, 8B, 08, 8B, 50, 10, 3B, 91, 24, 0C, 00, 00, 75, 0D, 6A, 00, FF, 70, 0C, FF, 70, 08, E8, 0E, B1, FF, FF, C3, 56, 8B, F1, 8B, 06, 85, C0, 74, 07, 50, FF, 15, C4, 40, 41, 00, 83, 26, 00, 83, 66, 08, 00, 83, 66, 0C, 00, 5E, C3, 56, 8B, F1, 80, 7E, 04, 00, 75, 34, 68, F4, 44, 41, 00...
 

Entropy:
7.9513  (probably packed)

Code size:
73 KB (74,752 bytes)

The file vroot.sfx.exe has been seen being distributed by the following URL.
