windows8_codecs.exe

OutBrowse LTD

This is the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application windows8_codecs.exe by OutBrowse has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities and other PUPs.
Publisher:
OutBrowse LTD  (signed and verified)

MD5:
1601bd76f0da5ee53adc4b5d08dd614f

SHA-1:
6e11220b53399c2f046068b79db358e944b12f4d

SHA-256:
9ea8806742dd9c1b09dba6e1e96704c62b5c4df5b74fd5cbbaca29bda2a34082

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/15/2024 12:29:06 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | MalSign.Generic | 2014.0.3616 |
| Bkav FE | W32.Clod7a6.Trojan | 1.3.0.4613 |
| Dr.Web | Adware.Downware.1336 | 9.0.1.0357 |
| ESET NOD32 | Win32/OutBrowse (variant) | 7.9176 |
| herdProtect (fuzzy) | | 2013.12.28.14 |
| IKARUS anti.virus | not-a-virus:Downloader.NSIS | t3scan.2.2.29 |
| K7 AntiVirus | Unwanted-Program | 13.174.10509 |
| Malwarebytes | PUP.Optional.OutBrowse | v2013.12.23.03 |
| McAfee | Artemis!8ADC49DA0887 | 5600.7267 |
| Reason Heuristics | PUP.OutBrowse.P | 14.8.7.17 |
| Sophos | OutBrowse Revenyou | 4.96 |
| Trend Micro House Call | TROJ_GEN.F47V1106 | 7.2.357 |
| Vba32 AntiVirus | Downloader.OutBrowse | 3.12.24.3 |

File size:
611.6 KB (626,312 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\windows8_codecs.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
2/26/2013 3:00:00 AM

Valid to:
2/27/2014 2:59:59 AM

Subject:
CN=OutBrowse LTD, O=OutBrowse LTD, L=Ramat Gan, S=Ramat Gan, C=IL, SERIALNUMBER=514686914, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IL

Issuer:
CN=Symantec Class 3 Extended Validation Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
06C1C2AE3E180ADDA27BBF2BD8EAC0E7

File PE Metadata
Compilation timestamp:
12/6/2009 1:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:ZGvNHNrhLEfczFNjk05ZBmNyYGEYTSfx7YaQRhimr:ZqphEy3mNYEYKJQRhim

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9774

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file windows8_codecs.exe has been seen being distributed by the following 2 URLs.
