9a0844cb45920e9faa71271ca34d99064d17c4fdcad31b9496ac9f9369e10894

Sakysoft s.r.l.

The file 9a0844cb45920e9faa71271ca34d99064d17c4fdcad31b9496ac9f9369e10894 by Sakysoft s.r.l. has been detected as a potentially unwanted program by 20 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities, and other PUPs.

Publisher:
Sakysoft s.r.l. (signed and verified)

MD5:
f93ff315de390705208fa0f4a9eaa948

SHA-1:
dd40293bc159cdd369058640cfcf5c9f6f760052

SHA-256:
9a0844cb45920e9faa71271ca34d99064d17c4fdcad31b9496ac9f9369e10894

Scanner detections:
20 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
4/25/2024 2:57:11 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.OutBrowse | 7.1.1 |
| AVG | MalSign.OutBrowse | 2016.0.3088 |
| Comodo Security | Application.Win32.OutBrowse.~A | 17993 |
| Dr.Web | Adware.Downware.1770 | 9.0.1.0156 |
| ESET NOD32 | Win32/OutBrowse (variant) | 9.9595 |
| Fortinet FortiGate | Riskware/NSIS_OutBrowse | 6/5/2015 |
| G Data | Win32.Application.OutBrowse | 15.6.24 |
| IKARUS anti.virus | not-a-virus:Downloader.NSIS | t3scan.2.2.29 |
| K7 AntiVirus | Unwanted-Program | 13.176.11554 |
| Kaspersky | not-a-virus:Downloader.NSIS.OutBrowse | 14.0.0.1935 |
| Malwarebytes | PUP.Optional.OutBrowse | v2015.06.05.12 |
| McAfee | Artemis!F93FF315DE39 | 5600.6744 |
| NANO AntiVirus | Trojan.Win32.OutBrowse.csrlza | 0.28.0.58720 |
| Qihoo 360 Security | Win32/Virus.Downloader.ad6 | 1.0.0.1015 |
| Quick Heal | Trojan.NSIS.OutBrowse.b | 6.15.12.00 |
| Reason Heuristics | Win32.Generic.Installer.Meta | 15.6.5.0 |
| Sophos | OutBrowse | 4.98 |
| Trend Micro House Call | TROJ_GEN.F47V0324 | 7.2.156 |
| Vba32 AntiVirus | Downloader.OutBrowse | 3.12.24.3 |
| VIPRE Antivirus | OutBrowse | 27748 |

File size:
621.2 KB (636,144 bytes)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/4/2014 1:00:00 AM

Valid to:
3/4/2016 12:59:59 AM

Subject:
CN=Sakysoft s.r.l., O=Sakysoft s.r.l., STREET=Via Gorghi 6, L=Udine, S=UD, PostalCode=33100, C=IT

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00ECE0C7777AC73E48E3B63042EDCAEEB6

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:bUFyhCfsMntd1zdwVWyK1EzotWlj+kzVX0xp+lHTNo5uLMxHeXAkepYsq4x:bUyhCfsMtpwof1EzotWln3M6VXopa4x

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9784

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)