windows doctor 2.7.9.0 full keygen portable.rar.exe

Direct Download gtt

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The application windows doctor 2.7.9.0 full keygen portable.rar.exe by Direct Download gtt has been detected as adware by 15 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from get.file21desktop.com.
Publisher:
Direct Download gtt  (signed and verified)

MD5:
409cdd2b29971fa702f90508ad0b789a

SHA-1:
b47be4a8f9deb61054376dc0ecb4d4d35f4a56e0

SHA-256:
f0738660083d777715d043d9d45d860ac62958ba6a5d4596d4f4883933a86631

Scanner detections:
15 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/25/2024 8:09:05 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.02.03 |
| Avira AntiVirus | APPL/Outbrowse.Gen | 7.11.206.130 |
| AVG | Potentially harmful program Downloader.DII | 2014.0.4257 |
| Dr.Web | infected with Trojan.OutBrowse.83 | 9.0.1.05190 |
| ESET NOD32 | Win32/OutBrowse.BS potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/OutBrowse | 2/2/2015 |
| G Data | Win32.Application.Agent.PJ22JG | 15.2.25 |
| K7 AntiVirus | DoS-Trojan | 13.193.14838 |
| Kaspersky | not-a-virus:Downloader.NSIS.OutBrowse | 15.0.0.543 |
| Malwarebytes | PUP.Optional.OutBrowse | v2015.02.02.04 |
| McAfee | Adware-OutBrowse.e | 5600.6866 |
| Reason Heuristics | PUP.Outbrowse | 15.2.14.11 |
| Sophos | Generic PUA HA | 4.98 |
| Trend Micro House Call | Suspici.8D175B40 | 7.2.33 |
| VIPRE Antivirus | Threat.4150696 | 36666 |

File size:
584.8 KB (598,856 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\windows doctor 2.7.9.0 full keygen portable.rar.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
1/27/2015 1:00:00 AM

Valid to:
1/28/2016 12:59:59 AM

Subject:
CN=Direct Download gtt, O=Direct Download gtt, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
7717CC520803FC279D794881B5520CE8

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:7/3b9CbBhqsSvngguEkV1gXUcrFLXMlOA2cizQml6tuBtM:7/RCdhqLvggudV1MUcrRcldFizRwu4

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file windows doctor 2.7.9.0 full keygen portable.rar.exe has been seen being distributed by the following URL.