windows7 loader activator.exe

BON DON JOV

This is the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and may be installed without consent. The application windows7 loader activator.exe by BON DON JOV has been detected as adware by 9 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from get.downward2208.info and multiple other hosts.
Publisher:
BON DON JOV (signed and verified)

MD5:
844bc9610eafada7a99cf0e37e1a2283

SHA-1:
fe36115382373796d96c4686368443fc17396425

SHA-256:
4c108e7a48b83871d6aa65688e28a2c0089c78490ad5da80614b39b74d1aa433

Scanner detections:
9 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open-source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/1/2024 4:22:44 AM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | APPL/Outbrowse.Gen | 7.11.200.132
AVG | Downloader | 2016.0.3230
ESET NOD32 | Win32/OutBrowse.BS potentially unwanted application | 7.0.302.0
K7 AntiVirus | Trojan | 13.191.14628
Kaspersky | not-a-virus:Downloader.NSIS.OutBrowse | 15.0.0.543
Malwarebytes | PUP.Optional.OutBrowse | v2015.01.13.01
Reason Heuristics | PUP.BONDONJOV.Z | 15.1.13.12
Trend Micro House Call | Suspici.31E8D10B | 7.2.13
VIPRE Antivirus | Threat.4657539 | 36504

File size:
569.8 KB (583,496 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\windows7 loader activator.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
1/9/2015 1:00:00 AM

Valid to:
12/18/2015 12:59:59 AM

Subject:
CN=BON DON JOV, O=BON DON JOV, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
2FA767737DADE1D60ADE8683896AD37C

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:Zya3N1F3aOsyLGePC+OUHtgJfn6/aqIvSr0eCcjmO:Z9T1hP7rHtpRI6rfCIP

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file windows7 loader activator.exe has been seen being distributed by the following 2 URLs.
