windows loader 2.2.2.exe

Just accept

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The application windows loader 2.2.2.exe by Just accept has been detected as adware by 24 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from get.file26desktop.com.
Publisher:
Just accept  (signed and verified)

MD5:
8c7c32c1cc1177f5b182d3f1695625c0

SHA-1:
d0a6bcb00312efcf16caa6d0363aeffb7b0f8d92

SHA-256:
4fe8479d391068a74aeb66afee068748cf28b180626097611f86d9b67b26243b

Scanner detections:
24 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
12/25/2024 4:43:16 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
MemScan:Application.Bundler.JU
6515826

Agnitum Outpost
Trojan.Agent
7.1.1

AhnLab V3 Security
PUP/Win32.OutBrowse
2015.02.02

Avira AntiVirus
APPL/Outbrowse.Gen
7.11.206.110

avast!
PUP-gen [PUP]
150101-1

AVG
Downloader
2016.0.3211

Bitdefender
MemScan:Application.Bundler.JU
1.0.20.165

Dr.Web
Trojan.OutBrowse.81
9.0.1.05190

Emsisoft Anti-Malware
MemScan:Application.Bundler.JU
9.0.0.4799

ESET NOD32
Win32/OutBrowse.BS potentially unwanted application
7.0.302.0

Fortinet FortiGate
Riskware/OutBrowse
2/2/2015

F-Secure
Riskware.MemScan:Application.Bundler.JU
5.13.68

G Data
MemScan:Application.Bundler.JU
15.2.25

K7 AntiVirus
Trojan
13.193.14825

Malwarebytes
PUP.Optional.OutBrowse
v2015.02.02.04

McAfee
Program.Adware-OutBrowse.e
16.8.708.2

MicroWorld eScan
MemScan:Application.Bundler.JU
16.0.0.99

NANO AntiVirus
Trojan.Win32.OutBrowse.dnbbuz
0.30.0.65070

Reason Heuristics
PUP.Justaccept
15.2.2.4

Sophos
Generic PUA BC
4.98

Trend Micro House Call
ADW_OUTBROWSE
7.2.33

Trend Micro
ADW_OUTBROWSE
10.465.02

Vba32 AntiVirus
Downloader.OutBrowse
3.12.26.3

VIPRE Antivirus
Threat.4150696
36694

File size:
575.7 KB (589,528 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
1/13/2015 6:00:00 PM

Valid to:
12/17/2015 5:59:59 PM

Subject:
CN=Just accept, O=Just accept, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
4486E837654B3DD265D56AF6E4A75E1E

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:2wAFd9xON1AmnSB4NL2uoxvPhO9m1o/LGqYBA:2wAFbaBSGNLp6BOj/yY

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9676

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file windows loader 2.2.2.exe has been seen being distributed by the following URL.

Remove windows loader 2.2.2.exe - Powered by Reason Core Security