windows loader 2.2.exe

The application windows loader 2.2.exe has been detected as a potentially unwanted program by 12 anti-malware scanners. This is a setup program which is used to install the application. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities and other PUPs. The file has been seen being downloaded from doc-0o-78-docs.googleusercontent.com and multiple other hosts.
MD5:
a7efd0479c0b32565847c4a2320e0747

SHA-1:
973e88d599670adbec1872c27fb6734b3b2257e2

SHA-256:
4ad28c1f825831a7599dc92187ff52ce59d0da6e23bac257453109ee426cab00

Scanner detections:
12 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
12/28/2024 12:57:11 AM UTC

Scan engine              Detection                           Engine version
avast!                   Win32:Dropper-gen [Drp]             2014.9-150628
Baidu Antivirus          Trojan.BAT.Small                    4.0.3.15323
Bkav FE                  HW32.Packed                         1.3.0.6379
Comodo Security          UnclassifiedMalware                 21617
ESET NOD32               BAT/TrojanClicker.Small.NCJ         9.11413
G Data                   Win32.Trojan.Agent.R9ITQ8           15.6.25
herdProtect (fuzzy)                                          2015.6.28.19
IKARUS anti.virus        Trojan.BAT.Trojanclicker            t3scan.1.8.9.0
Kaspersky                not-a-virus:AdWare.MSIL.OutBrowse   14.0.0.2301
McAfee                   Artemis!D8295D566232                5600.6720
Sophos                   Generic PUA AJ                      4.98
Trend Micro House Call   Suspicious_GEN.F47V0330             7.2.179

File size:
2 MB (2,052,038 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\windows loader 2.2.exe

File PE Metadata
Compilation timestamp:
1/31/2011 6:44:13 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:VQBLs9i2tv8RgLrDYVHrSZGBDHEvRFrxDz19gIGf98zikyGPUT:VQv22eLrDUS0RyBDB9quziUE

Entry address:
0x1D20

Entry point:
55, 8B, EC, 6A, FF, 68, 28, 21, 40, 00, 68, A0, 1E, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 88, 20, 40, 00, 59, 83, 0D, 54, 35, 40, 00, FF, 83, 0D, 58, 35, 40, 00, FF, FF, 15, 84, 20, 40, 00, 8B, 0D, CC, 32, 40, 00, 89, 08, FF, 15, 80, 20, 40, 00, 8B, 0D, C8, 32, 40, 00, 89, 08, A1, 7C, 20, 40, 00, 8B, 00, A3, 5C, 35, 40, 00, E8, 10, 01, 00, 00, 39, 1D, BC, 32, 40, 00, 75, 0C, 68, 9C, 1E, 40, 00, FF, 15, 78, 20...

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
4 KB (4,096 bytes)

The file windows loader 2.2.exe has been seen being distributed by the following 2 URLs.

https://doc-0o-78-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/vnrp29bh9qfvkc6638mvq795imhvqmlf/1427436000000/14103555012556260862/.../0B0_DlFZ6PYCuOHhrY0tLYmJrWWM?e=download
