windows 8 n 8.1 activator.exe

The application windows 8 n 8.1 activator.exe has been detected as a potentially unwanted program by 4 anti-malware scanners. This is a setup program which is used to install the application. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities and other PUPs. The file has been seen being downloaded from download1916.mediafire.com and multiple other hosts.
MD5:
daaf11fd359b59feeb38ecee88703096

SHA-1:
f1f59f5db6672efc3399f7298980382892bbc83e

SHA-256:
69f8bf2f4eb8256e56567e6aea86f4def759a0f391ec610a10cbdc94c665c049

Scanner detections:
4 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
12/26/2024 3:23:01 AM UTC

Scan engine | Detection | Engine version
avast! | Win32:Malware-gen | 2014.9-150402
Kaspersky | not-a-virus:AdWare.MSIL.OutBrowse | 14.0.0.2254
Panda Antivirus | Generic Suspicious | 15.04.02.02
Trend Micro House Call | TROJ_GEN.R047H07CV15 | 7.2.92

File size:
13 MB (13,589,605 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\windows 8 n 8.1 activator.exe

File PE Metadata
Compilation timestamp:
2/1/2011 12:44:13 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
393216:8qdCtfV7w+DEK02AlcJohm1mP5lOc5il0s7:gtfV7wrK02AKJos1G5i2s7

Entry address:
0x1D20

Entry point:
55, 8B, EC, 6A, FF, 68, 28, 21, 40, 00, 68, A0, 1E, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 88, 20, 40, 00, 59, 83, 0D, 54, 35, 40, 00, FF, 83, 0D, 58, 35, 40, 00, FF, FF, 15, 84, 20, 40, 00, 8B, 0D, CC, 32, 40, 00, 89, 08, FF, 15, 80, 20, 40, 00, 8B, 0D, C8, 32, 40, 00, 89, 08, A1, 7C, 20, 40, 00, 8B, 00, A3, 5C, 35, 40, 00, E8, 10, 01, 00, 00, 39, 1D, BC, 32, 40, 00, 75, 0C, 68, 9C, 1E, 40, 00, FF, 15, 78, 20...
 

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
4 KB (4,096 bytes)

The file windows 8 n 8.1 activator.exe has been seen being distributed by the following 2 URLs.
