windows 7 loader.exe

The application windows 7 loader.exe has been detected as a potentially unwanted program by 13 anti-malware scanners. This is a setup program which is used to install the application. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from drive.google.com and multiple other hosts.
MD5: 3b6e1c6905ad886a8b05b2fb5463f86d
SHA-1: 150265174b4edda78b076816d6696712464b342d
SHA-256: ab60a2ae2ba25c6dcc6109bd9c8227dd4447a8159fcc57a9dc46287a0c24b358
Scanner detections: 13 / 68
Status: Potentially unwanted
Explanation: Bundles additional adware offers during download and installation using the OutBrowse installer.
Analysis date: 11/16/2024 7:50:39 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | ASD.Reputation | 2016.01.20 |
| Baidu Antivirus | Adware.MSIL.OutBrowse | 4.0.3.16211 |
| Bkav FE | HW32.Packed | 1.3.0.7400 |
| G Data | Win32.Application.Agent.UIHZ18 | 16.2.25 |
| IKARUS anti.virus | not-a-virus:AdWare.MSIL.OutBrowse | t3scan.1.9.5.0 |
| Kaspersky | not-a-virus:AdWare.MSIL.OutBrowse | 14.0.0.675 |
| Malwarebytes | PUP.Optional.Amonetize | v2016.02.11.09 |
| McAfee | Artemis!3B6E1C6905AD | 5600.6492 |
| Panda Antivirus | Generic Suspicious | 16.02.11.09 |
| Reason Heuristics | PUP.OutBrowse (M) | 16.2.11.21 |
| Sophos | Generic PUA BF (PUA) | 4.98 |
| VIPRE Antivirus | OutBrowse | 46620 |
| Zillya! Antivirus | Adware.OutBrowse.Win32.20359 | 2.0.0.2619 |

File size: 2.2 MB (2,340,789 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\downloads\windows 7 loader.exe

File PE Metadata
Compilation timestamp: 1/31/2011 6:44:13 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 6.0
CTPH (ssdeep): 49152:FQsWjDQB81ZSWZgqHVr20KFt3u+++GUow1/G/RD50/j3HvnPQ:FQsSDQBNwHKn3xYUX16Y/bno
Entry address: 0x1D20

Entry point:
55, 8B, EC, 6A, FF, 68, 28, 21, 40, 00, 68, A0, 1E, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 88, 20, 40, 00, 59, 83, 0D, 54, 35, 40, 00, FF, 83, 0D, 58, 35, 40, 00, FF, FF, 15, 84, 20, 40, 00, 8B, 0D, CC, 32, 40, 00, 89, 08, FF, 15, 80, 20, 40, 00, 8B, 0D, C8, 32, 40, 00, 89, 08, A1, 7C, 20, 40, 00, 8B, 00, A3, 5C, 35, 40, 00, E8, 10, 01, 00, 00, 39, 1D, BC, 32, 40, 00, 75, 0C, 68, 9C, 1E, 40, 00, FF, 15, 78, 20...
 

Developed / compiled with: Microsoft Visual C++ v6.0
Code size: 4 KB (4,096 bytes)

The file windows 7 loader.exe has been seen being distributed by the following 2 URLs.

https://drive.google.com/uc?export=download&id=0B-EthI79WXHNMHQyVWExY3hZOGc
