wifikill for pc.exe

Daily apps forfor

The application wifikill for pc.exe by Daily apps forfor has been detected as adware by 24 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from yes-i-am-rich.com.
Publisher:
Daily apps forfor  (signed and verified)

MD5:
948be9dd28926a27bf378ad726b22d2c

SHA-1:
4385bc72ccbc3d90f4ba9164c0099edb34a2e881

SHA-256:
717ad852759860494e88bd9ec1fd15168a76d4ca0ce6bd4ce7698b58c11716f2

Scanner detections:
24 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/23/2024 10:56:31 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Bundler.Outbrowse.1
6397131

Agnitum Outpost
PUA.Downloader
7.1.1

AhnLab V3 Security
PUP/Win32.OutBrowse
2015.02.13

Avira AntiVirus
APPL/Downloader.Gen
7.11.209.228

avast!
OutBrowse-BC [PUP]
150203-1

AVG
Potentially harmful program Downloader.DII
2014.0.4257

Bitdefender
Gen:Variant.Application.Bundler.Outbrowse.1
1.0.20.215

Dr.Web
infected with Trojan.OutBrowse.83
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Application.Bundler.Outbrowse
9.0.0.4799

ESET NOD32
Win32/OutBrowse.BU potentially unwanted application
7.0.302.0

Fortinet FortiGate
Riskware/OutBrowse
2/12/2015

F-Secure
Gen:Variant.Application.Bundler
11.2015-12-02_5

G Data
Gen:Variant.Application.Bundler.Outbrowse
15.2.25

K7 AntiVirus
DoS-Trojan
13.194.14945

Kaspersky
not-a-virus:Downloader.NSIS.OutBrowse
15.0.0.543

Malwarebytes
PUP.Optional.OutBrowse
v2015.02.12.09

McAfee
Program.Adware-OutBrowse.e
16.8.708.2

MicroWorld eScan
Gen:Variant.Application.Bundler.Outbrowse.1
16.0.0.129

NANO AntiVirus
Trojan.Win32.OutBrowse.dnmhre
0.30.0.65070

Reason Heuristics
PUP.Dailyappsforfor
15.2.14.11

Trend Micro House Call
TROJ_GE.8F191241
7.2.43

Trend Micro
TROJ_GE.8F191241
10.465.12

Vba32 AntiVirus
Downloader.OutBrowse
3.12.26.3

VIPRE Antivirus
Threat.4150696
37240

File size:
584.7 KB (598,768 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\wifikill for pc.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
1/27/2015 12:00:00 AM

Valid to:
1/27/2016 11:59:59 PM

Subject:
CN=Daily apps forfor, O=Daily apps forfor, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
6F1E3DDF304CE728A56FBDE7C027105B

File PE Metadata
Compilation timestamp:
12/5/2009 10:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:QCjkrJtbMbbxvtBnVqgvAUoy9yJBoV8DGjtkSoYMHLN8S6tuBtP:QCjyMJtBVqmAtyuxGj+5l8SwuT

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file wifikill for pc.exe has been seen being distributed by the following URL.

Remove wifikill for pc.exe - Powered by Reason Core Security