windows loader 2.2.2.exe

Apps market ABC

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The application windows loader 2.2.2.exe by Apps market ABC has been detected as adware by 20 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from get.0107design.info.
Publisher:
Apps market ABC (signed and verified)

MD5:
1d70549a294cc9a6af168dfc810babb2

SHA-1:
fa729b654caf6f24105815ddc7e3e4199939f6c6

SHA-256:
83c87617b0920d4a5920c1986c9e88abb196c3f426f8d5e2a673d156e910a6fc

Scanner detections:
20 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is an installer which may bundle legitimate applications with offers for additional third-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
12/24/2024 4:05:25 PM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Bundler.Outbrowse.1
6467926

Agnitum Outpost
PUA.OutBrowse
7.1.1

Avira AntiVirus
PUA/Outbrowse.Gen
7.11.212.24

avast!
OutBrowse-DN [PUP]
150129-1

AVG
Downloader
2016.0.3190

Bitdefender
Gen:Variant.Application.Bundler.Outbrowse.1
1.0.20.265

Dr.Web
infected with Trojan.OutBrowse.89
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Application.Bundler.Outbrowse
9.0.0.4799

ESET NOD32
Win32/OutBrowse.BU potentially unwanted application
7.0.302.0

Fortinet FortiGate
Riskware/OutBrowse
2/22/2015

F-Secure
Gen:Variant.Application.Bundler
11.2015-22-02_1

G Data
Gen:Variant.Application.Bundler.Outbrowse
15.2.25

K7 AntiVirus
Trojan
13.197.15043

Malwarebytes
PUP.Optional.OutBrowse.gen
v2015.02.22.02

MicroWorld eScan
Gen:Variant.Application.Bundler.Outbrowse.1
16.0.0.159

NANO AntiVirus
Trojan.Win32.OutBrowse.dmikim
0.30.0.296

Reason Heuristics
PUP.Outbrowse
15.2.22.14

Sophos
OutBrowse Revenyou
4.98

Trend Micro House Call
Suspici.2AB55E13
7.2.53

VIPRE Antivirus
Trojan.Win32.Generic
37796

File size:
610.9 KB (625,608 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\windows loader 2.2.2.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
2/1/2015 12:00:00 AM

Valid to:
1/27/2016 11:59:59 PM

Subject:
CN=Apps market ABC, O=Apps market ABC, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
6BE197B02D2951B23855B9517380D4E8

File PE Metadata
Compilation timestamp:
12/5/2009 10:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:/9R3aGSE++yo/REQZAcZq4129Ak5Koe6bDaW2kiZtEf9sSKMX5OLe5E0:/9Fanu/+QZAcoJR5UfH2qMX5L5H

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.9473

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file windows loader 2.2.2.exe has been seen being distributed by the following URL.

Remove windows loader 2.2.2.exe - Powered by Reason Core Security