2014newrelease.exe

The application 2014newrelease.exe has been detected as a potentially unwanted program by 22 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities, and other PUPs. The file has been seen being downloaded from download2119.mediafire.com and multiple other hosts.
MD5:
de39fa41bba4ef0c9fb670a07a1e6fdd

SHA-1:
3cf5a2c3d97433cafcb4e474f71311010afc4559

SHA-256:
26fe1726a02cdd70106ededa2815fb319f50a5aa3c852a374cd69a54f1b9a2d9

Scanner detections:
22 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
4/24/2024 6:47:16 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.OutBrowse | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.OutBrowse | 2014.12.04 |
| Avira AntiVirus | APPL/Downloader.Gen | 7.11.192.134 |
| avast! | NSIS:OutBrowse-D [PUP] | 2014.9-141206 |
| Baidu Antivirus | PUA.Win32.OutBrowse | 4.0.3.14126 |
| Dr.Web | Trojan.Packed.28644 | 9.0.1.0340 |
| ESET NOD32 | Win32/OutBrowse.AJ (variant) | 8.10821 |
| G Data | Win32.Application.OutBrowse | 14.12.24 |
| K7 AntiVirus | Trojan | 13.186.14225 |
| Kaspersky | not-a-virus:AdWare.Win32.OutBrowse | 14.0.0.2839 |
| Malwarebytes | PUP.Optional.OutBrowse | v2014.12.06.05 |
| McAfee | RDN/Generic PUP.x!cnw | 5600.6925 |
| NANO AntiVirus | Trojan.Win32.OutBrowse.deinil | 0.28.6.63850 |
| nProtect | Trojan-Clicker/W32.OutBrowse.726924 | 14.12.03.01 |
| Qihoo 360 Security | HEUR/Malware.QVM06.Gen | 1.0.0.1015 |
| Quick Heal | AdWare.OutBrowse.r5 (Not a Virus) | 12.14.14.00 |
| Sophos | Generic PUA DM | 4.98 |
| Trend Micro House Call | TROJ_GEN.R0C1C0OIK14 | 7.2.340 |
| Trend Micro | TROJ_GEN.R0C1C0OIK14 | 10.465.06 |
| Vba32 AntiVirus | AdWare.OutBrowse | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 35390 |
| Zillya! Antivirus | Adware.OutBrowse.Win32.9015 | 2.0.0.1998 |

File size:
709.9 KB (726,924 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\2014newrelease.exe

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:L1m4Ry75XB/qc8iX9UEkUaM1iAq1uY4trfap+g9TCXdBNmi6LxV2m/h5hp8XLx:Ls48b/qczqEVf1idYY4t7+vVCtBNluq1

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.9468

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file 2014newrelease.exe has been seen being distributed by the following 5 URLs.

http://download2119.mediafire.com/22v88h54jcog/.../Setup2014new.exe
