» 61a7e018a154cafacba51307e4b0e8619da0af34d4f75e94db2e2a088d6a93d9
Overview
Analysis
File Details

61a7e018a154cafacba51307e4b0e8619da0af34d4f75e94db2e2a088d6a93d9

Sakysoft s.r.l.

The file 61a7e018a154cafacba51307e4b0e8619da0af34d4f75e94db2e2a088d6a93d9 by Sakysoft s.r.l has been detected as a potentially unwanted program by 29 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.

File name:

Publisher:

Sakysoft s.r.l. (signed and verified)

MD5:

449340dbc4f0e8d963a938b4ff75bd83

SHA-1:

5b92d0fb0660a4865734d683e86653064ec4e947

SHA-256:

61a7e018a154cafacba51307e4b0e8619da0af34d4f75e94db2e2a088d6a93d9

Scanner detections:

29 / 68

Status:

Potentially unwanted

Explanation:

Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:

4/25/2024 10:21:06 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Application.Bundler.Outbrowse.A

5670435

Agnitum Outpost

PUA.OutBrowse

7.1.1

Avira AntiVirus

PUA/Outbrowse.Gen

8.3.1.6

Arcabit

Application.Bundler.Outbrowse.A

1.0.0.425

avast!

OutBrowse-HW [PUP]

150602-1

Bitdefender

Application.Bundler.Outbrowse.A

1.0.20.780

Bkav FE

W32.HfsAdware

1.3.0.6379

Clam AntiVirus

Win.Adware.OutBrowse-4

0.98/20550

Comodo Security

Application.Win32.OutBrowse.~B

22338

Dr.Web

Adware.Downware.9680

9.0.1.05190

Emsisoft Anti-Malware

Application.Bundler.Outbrowse

10.0.0.5366

ESET NOD32

Win32/OutBrowse.D potentially unwanted application

7.0.302.0

Fortinet FortiGate

Riskware/NSIS_OutBrowse

6/5/2015

F-Secure

Application.Bundler.Outbrowse

11.2015-05-06_6

G Data

Application.Bundler.Outbrowse

15.6.25

K7 AntiVirus

Unwanted-Program

13.204.16146

Kaspersky

not-a-virus:Downloader.NSIS.OutBrowse

15.0.0.543

Malwarebytes

PUP.Optional.Smart

v2015.06.05.12

MicroWorld eScan

Application.Bundler.Outbrowse.A

16.0.0.468

NANO AntiVirus

Trojan.Win32.OutBrowse.cxaakt

0.30.24.1636

Norman

Application.Bundler.Outbrowse.A

02.06.2015 14:23:46

Qihoo 360 Security

Trojan.Generic

1.0.0.1015

Quick Heal

TrojanDownloader.NSIS.OutBrowse.B

6.15.14.00

Reason Heuristics

Win32.Generic.Installer.Meta

15.6.4.23

Sophos

PUA 'OutBrowse' (of type Adware)

5.15

SUPERAntiSpyware

Adware.OutBrowse/Variant

9833

Total Defense

Win32/Tnega.fRTYbOC

37.1.62.1

Vba32 AntiVirus

Downloader.OutBrowse

3.12.26.4

VIPRE Antivirus

OutBrowse

40838

File size:

606.6 KB (621,176 bytes)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

Language Neutral

Digital Signature

Signed by:

Sakysoft s.r.l.

Authority:

COMODO CA Limited

Valid from:

2/22/2013 1:00:00 AM

Valid to:

2/23/2014 12:59:59 AM

Subject:

CN=Sakysoft s.r.l., O=Sakysoft s.r.l., STREET=Via Gorghi 6, L=Udine, S=UD, PostalCode=33100, C=IT

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

71866EA827886C967A3E4D23288DBA3A

File PE Metadata

Compilation timestamp:

12/5/2009 11:50:52 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:995cWN3aPbD3x6imu00ufz6HSkdxvN+RrA55N2uSgcbUe6Q8SAEe3nTJlo:97rNKPbDVmH0uf+HSkHl+RsnNFSgcD64

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Entropy:

7.9774

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

Remove 61a7e018a154cafacba51307e4b0e8619da0af34d4f75e94db2e2a088d6a93d9 - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.