1qfrak1juua==3.exe

The application 1qfrak1juua==3.exe has been detected as a potentially unwanted program by 33 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities, and other PUPs.
Version:
1.1.0.31

MD5:
8702e0633b8fc8ed6bbf3e1d2132fe7e

SHA-1:
48047f982cc9f97c3167e75e6702438c3bae1756

SHA-256:
df040230e7ad56fc2a9c3acebe0a7c3731dafd03ae11c5b87a46fe7ddfb66e88

Scanner detections:
33 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
6/24/2018 10:13:04 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Jaiko.699 | 5721164 |
| Agnitum Outpost | PUA.PennyBee | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.CrossRider | 2015.06.21 |
| Avira AntiVirus | ADWARE/PennyBee.248320.10 | 8.3.1.6 |
| Antiy Labs AVL | Trojan/Win32.SGeneric | 1.0.0.1 |
| Arcabit | Trojan.Jaiko.699 | 1.0.0.425 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-150620 |
| AVG | Generic6 | 2016.0.3072 |
| Baidu Antivirus | Adware.Win32.PennyBee | 4.0.3.15620 |
| Bitdefender | Application.Generic.1284686 | 1.0.20.855 |
| Comodo Security | ApplicUnwnt | 22518 |
| Dr.Web | infected with Trojan.OutBrowse.576 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Application.Generic.1284686 | 10.0.0.5366 |
| ESET NOD32 | multiple threats | 7.0.302.0 |
| Fortinet FortiGate | Riskware/PennyBee | 6/20/2015 |
| F-Secure | Application.Generic.1284686 | 11.2015-20-06_7 |
| G Data | Application.Generic.1284686 | 15.6.25 |
| IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.9.5.0 |
| K7 AntiVirus | Adware | 13.205.16308 |
| K7 Gateway Antivirus | Adware | 13.205.16308 |
| Malwarebytes | PUP.Optional.Komodia | v2015.06.20.05 |
| McAfee | Trojan.Artemis!8702E0633B8F | 17.6.569.0 |
| McAfee Web Gateway | BehavesLike.Win32.BadFile.wc | 7.6728 |
| Microsoft Security Essentials | Adware:Win32/ZoomyLib | 1.199.3080.0 |
| MicroWorld eScan | Application.Generic.1284686 | 16.0.0.513 |
| NANO AntiVirus | Riskware.Win32.PennyBee.drsjlz | 0.30.24.2086 |
| Norman | Application.Generic.1284686 | 02.06.2015 14:23:46 |
| Qihoo 360 Security | HEUR/QVM00.1.Malware.Gen | 1.0.0.1015 |
| Rising Antivirus | PE:Trojan.Win32.Generic.18C35EB1!415456945 | 23.00.65.15618 |
| Trend Micro House Call | TROJ_GE.277C08C0 | 7.2.171 |
| Trend Micro | TROJ_GE.277C08C0 | 10.465.20 |
| VIPRE Antivirus | Threat.4150696 | 41244 |
| Zillya! Antivirus | Adware.PennyBee.Win32.153 | 2.0.0.2238 |

File size:
3.4 MB (3,571,566 bytes)

Product version:
1.1.0.31

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\1qfrak1juua==3.exe

File PE Metadata
Compilation timestamp:
6/6/2009 5:41:54 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:r0JzTD6TJZtkiC2b65J30uwreZclWUj6hMuoG:r4vwJZt5C2b6J3LqdeM6

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

When executed, the file has been observed making the following network connections in live environments.

TCP (HTTP):
Connects to qh-in-f121.1e100.net  (74.125.22.121:80)
