windows 8 activator.exe

The application windows 8 activator.exe has been detected as a potentially unwanted program by 7 anti-malware scanners. It is a setup program used to install the application. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, and PC utilities, as well as other PUPs. The file has been seen downloaded from drive.google.com.
MD5:
8c221eaba0fa4d6cf5dc302e89aa2db1

SHA-1:
1f37f2c72a7f19f84cf91e97231bbd2957ad0cb8

SHA-256:
c4ab12cf5fea4131752b583099c564449a8d8bd2707cacd48fba8eaa07f5c87e

Scanner detections:
7 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
1/15/2025 5:31:39 AM UTC

Scan engine             Detection                             Engine version
Baidu Antivirus         Adware.MSIL.OutBrowse                 4.0.3.15320
Bkav FE                 HW32.Packed                           1.3.0.6379
herdProtect (fuzzy)                                           2015.6.25.22
Kaspersky               not-a-virus:AdWare.MSIL.OutBrowse     14.0.0.2319
McAfee                  Artemis!8C221EABA0FA                  5600.6821
Panda Antivirus         Generic Suspicious                    15.03.20.02
Trend Micro House Call  TROJ_GEN.R047H07CH15                  7.2.79

File size:
2 MB (2,066,562 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\windows 8 activator.exe

File PE Metadata
Compilation timestamp:
1/31/2011 1:44:13 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:fQ9sfrtw1yzf6DfhuRmr9FeKHoZFvtAGIiYDBXSby:fQWjtwgzSrsRcT0qtiqhSby

Entry address:
0x1D20

Entry point:
55, 8B, EC, 6A, FF, 68, 28, 21, 40, 00, 68, A0, 1E, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 88, 20, 40, 00, 59, 83, 0D, 54, 35, 40, 00, FF, 83, 0D, 58, 35, 40, 00, FF, FF, 15, 84, 20, 40, 00, 8B, 0D, CC, 32, 40, 00, 89, 08, FF, 15, 80, 20, 40, 00, 8B, 0D, C8, 32, 40, 00, 89, 08, A1, 7C, 20, 40, 00, 8B, 00, A3, 5C, 35, 40, 00, E8, 10, 01, 00, 00, 39, 1D, BC, 32, 40, 00, 75, 0C, 68, 9C, 1E, 40, 00, FF, 15, 78, 20...
Entropy:
7.9789

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
4 KB (4,096 bytes)

The file windows 8 activator.exe has been seen being distributed by the following URL.