home

wl2.2_.egyup_.com_.rar.exe

The application wl2.2_.egyup_.com_.rar.exe has been detected as a potentially unwanted program by 14 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs. The file has been seen being downloaded from get.down2desk.com.
MD5:
a5e40ae57a9db2ada348b390ee4d8ce0

SHA-1:
3dfa1e1bd875a2af27353f20ed5921bcda6a882e

SHA-256:
d20cc0d8302f1d43c53ec68fe1cbbeb58d1f4b218ae08084ba34e45e76ef3405

Scanner detections:
14 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/15/2024 9:47:54 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.OutBrowse
7.1.1

Avira AntiVirus
PUA/Outbrowse.Gen
8.3.2.2

avast!
OutBrowse-AE [PUP]
151028-1

AVG
Generic_c
2016.0.2931

Comodo Security
Application.Win32.AltBrowse.HY
23554

Dr.Web
Threat.Undefined
9.0.1.05190

ESET NOD32
Win32/OutBrowse.AE potentially unwanted application
7.0.302.0

Fortinet FortiGate
Riskware/OutBrowse
11/8/2015

F-Prot
W32/Outbrowse.B2.gen
v6.4.7.1.166

McAfee
Program.Adware-OutBrowse
18.0.204.0

NANO AntiVirus
Trojan.Win32.Generic.dbxkzp
0.30.26.4437

Qihoo 360 Security
QVM42.0.Malware.Gen
1.0.0.1077

Rising Antivirus
PE:Malware.Generic/QRS!1.9E2D [F]
23.00.65.151106

Sophos
Generic PUA IB (PUA)
4.98

File size:
617.2 KB (631,965 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\wl2.2_.egyup_.com_.rar.exe

File PE Metadata
Compilation timestamp:
12/6/2009 12:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:qBX0clFdNeED/dxR6VXluJQqYU1g5w5Thk/H5ihf8F/fc8vy4he:qBEcLdZD/908JrKw5T2cmM86d

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9803

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file wl2.2_.egyup_.com_.rar.exe has been seen being distributed by the following URL.

http://get.down2desk.com/DownloadManager/Get?p=1831&d=8119&l=7640&n=1&d2=4&productname=WL2.2_.EgyUp_.CoM_.rar&exeurl=http://.../ep6Mmb&dynamicname=WL2.2_.EgyUp_.CoM_.rar&filename=WL2.2_.EgyUp_.CoM_.rar

Remove wl2.2_.egyup_.com_.rar.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.