home

{0e7db809-5513-429d-9b72-67c513672de6}

The file {0e7db809-5513-429d-9b72-67c513672de6} has been detected as a potentially unwanted program by 31 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from download1301.mediafire.com and multiple other hosts.
MD5:
f944bc989eb42d7a00865cb6e83ead17

SHA-1:
5bc659a65710091acfd6156087261ccb6c68c9d0

SHA-256:
388f2bc9b60702bcd74b2b19d034a7497aee0326194a70145bd24d84bbd741fc

Scanner detections:
31 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
4/26/2024 8:36:17 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Bundler.Outbrowse.A
856

Agnitum Outpost
PUA.OutBrowse
7.1.1

Avira AntiVirus
APPL/Downloader.Gen
7.11.169.248

avast!
Win32:PUP-gen [PUP]
2014.9-141001

AVG
OutBrowse
2015.0.3334

Baidu Antivirus
Hacktool.Win32.OutBrowse
4.0.3.14101

Bitdefender
Application.Bundler.Outbrowse.A
1.0.20.1370

Comodo Security
Application.Win32.OutBrowse.~A
19353

Dr.Web
Adware.Downware.1676
9.0.1.0274

ESET NOD32
Win32/OutBrowse (variant)
8.10336

Fortinet FortiGate
Riskware/NSIS_OutBrowse
10/1/2014

F-Prot
W32/Outbrowse.A
v6.4.7.1.166

F-Secure
Application.Bundler.Outbrowse
11.2014-01-10_4

G Data
Application.Bundler.Outbrowse
14.10.24

IKARUS anti.virus
PUA.OutBrowse
t3scan.1.7.5.0

K7 AntiVirus
Trojan
13.183.13198

Kaspersky
not-a-virus:Downloader.NSIS.OutBrowse
14.0.0.3167

Malwarebytes
PUP.Optional.OutBrowse
v2014.10.01.04

McAfee
RDN/Generic PUP.x!br3
5600.6990

MicroWorld eScan
Application.Bundler.Outbrowse.A
15.0.0.822

NANO AntiVirus
Trojan.Win32.OutBrowse.cvyscp
0.28.2.61861

Panda Antivirus
Trj/NsisDownloader.A
14.10.01.04

Qihoo 360 Security
HEUR/Malware.QVM06.Gen
1.0.0.1015

Quick Heal
Downloader.NSIS.r5 (Not a Virus)
10.14.14.00

Rising Antivirus
PE:Trojan.Win32.Generic.165A75A3!375027107
23.00.65.14929

Sophos
OutBrowse
4.98

Trend Micro House Call
TROJ_GEN.R04AC0EBR14
7.2.274

Trend Micro
TROJ_GEN.R04AC0EBR14
10.465.01

Vba32 AntiVirus
Downloader.OutBrowse
3.12.26.3

VIPRE Antivirus
Trojan.Win32.Generic
32656

ViRobot
Adware.AppDownloader.630735
2011.4.7.4223

File size:
616 KB (630,735 bytes)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:1bFyhCfsMntd1zdwVWyK1EzotWlj+kzVX0xp+lHTNo5uLMxHeXAkepYsq4z:1JyhCfsMtpwof1EzotWln3M6VXopa4z

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9783

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file {0e7db809-5513-429d-9b72-67c513672de6} has been seen being distributed by the following 3 URLs.

http://download1301.mediafire.com/zv6wx4mcpa8g/.../Setup (2014) _Distribution.exe

http://download644.mediafire.com/noq3mkmp316g/.../Setup (2014) _Distribution.exe

http://download1989.mediafire.com/f3bo6b2n1iig/.../Setup (2014) _Distribution.exe

Remove {0e7db809-5513-429d-9b72-67c513672de6} - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.