685d317980e40f8f31212be7e5b05a4bf808057f9f851628294c20d349782da9

Sakysoft s.r.l.

The file 685d317980e40f8f31212be7e5b05a4bf808057f9f851628294c20d349782da9 by Sakysoft s.r.l. has been detected as a potentially unwanted program by 25 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.

Publisher:
Sakysoft s.r.l.  (signed and verified)

MD5:
730d0122ac8f82b3fdcb7c0877e4a225

SHA-1:
921220207fcdb885a47914f67a2b9d5e9d9a66e0

SHA-256:
685d317980e40f8f31212be7e5b05a4bf808057f9f851628294c20d349782da9

Scanner detections:
25 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
4/27/2024 12:16:07 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | MemScan:Application.Bundler.Outbrowse.E | 5675218 |
| Agnitum Outpost | PUA.OutBrowse | 7.1.1 |
| Avira AntiVirus | PUA/Outbrowse.Gen | 8.3.1.6 |
| Arcabit | Application.Bundler.Outbrowse.E | 1.0.0.425 |
| avast! | OutBrowse-C [PUP] | 150602-1 |
| AVG | Adware AdLoad.G | 2014.0.4311 |
| Bitdefender | MemScan:Application.Bundler.Outbrowse.E | 1.0.20.780 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Dr.Web | Adware.Downware.3980 | 9.0.1.05190 |
| Emsisoft Anti-Malware | MemScan:Application.Bundler.Outbrowse | 10.0.0.5366 |
| ESET NOD32 | Win32/OutBrowse.S potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/OutBrowse | 6/5/2015 |
| F-Prot | Trojan!9d14 (exact, not disinfectable) | 4.6.5.141 |
| F-Secure | Riskware.MemScan:Application.Bundler.Outbrowse | 5.14.151 |
| G Data | MemScan:Application.Bundler.Outbrowse | 15.6.25 |
| Kaspersky | not-a-virus:Downloader.Win32.Agent | 15.0.0.543 |
| Malwarebytes | PUP.Optional.OutBrowse | v2015.06.05.12 |
| MicroWorld eScan | MemScan:Application.Bundler.Outbrowse.E | 16.0.0.468 |
| NANO AntiVirus | Trojan.Win32.OutBrowse.dgnlgr | 0.30.24.1636 |
| Norman | MemScan:Application.Bundler.Outbrowse.E | 02.06.2015 14:23:46 |
| Qihoo 360 Security | Win32/Application.af9 | 1.0.0.1015 |
| Reason Heuristics | Win32.Generic.Installer.Meta | 15.6.4.23 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Downloader | 9833 |
| Total Defense | Win32/Tnega.OWXTBQC | 37.1.62.1 |
| VIPRE Antivirus | Trojan.Win32.Generic | 40838 |

File size:
969.2 KB (992,448 bytes)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/4/2014 1:00:00 AM

Valid to:
3/4/2016 12:59:59 AM

Subject:
CN=Sakysoft s.r.l., O=Sakysoft s.r.l., STREET=Via Gorghi 6, L=Udine, S=UD, PostalCode=33100, C=IT

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00ECE0C7777AC73E48E3B63042EDCAEEB6

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:WwYzbrTZBqf+3pR2/bg/0fPzWJkUH1acWio5U1e3ib8:ifTjqAR++0nzWJkUVacjPYp

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.9253

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)