windowsloader 2.2.2.exe

yES APPs

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The application windowsloader 2.2.2.exe by yES APPs has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the OutBrowse Revenyou installer.
Publisher:
PILXK  (signed by yES APPs)

Product:
PILXK

Version:
3194.15531.854.6693

MD5:
af5659badb3d7d77f804f068f1d07738

SHA-1:
61f31b0cc746696704700350d86abcc05cd81fad

SHA-256:
1933b471e5c2746ded09f3dac9184b0e76b594e2600963255b59d000293e5640

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/24/2024 4:57:17 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Outbrowse (M)
16.7.23.2

File size:
744.2 KB (762,056 bytes)

Product version:
3194.15531.854.6693

Copyright:
PILXK

Trademarks:
PILXK

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\windowsloader 2.2.2.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
5/28/2015 2:00:00 AM

Valid to:
12/18/2015 12:59:59 AM

Subject:
CN=yES APPs, O=yES APPs, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
265DC0408CF3B52DFB1D83A636C6D864

File PE Metadata
Compilation timestamp:
12/5/2009 11:52:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:iHjlL4rHpXuv5BvtCAN3ZqOQ15s0u8kxTIiSnZI0CWvfc8vy4h:ih8rHov59tl3Zes0umxv886

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

Remove windowsloader 2.2.2.exe - Powered by Reason Core Security