home

adobe reader.exe

Mari Mara

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The application adobe reader.exe by Mari Mara has been detected as adware by 24 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from get.file3desktop.com.
Publisher:
Mari Mara  (signed and verified)

MD5:
dfda49d3b0b7cde701a1a861ac36f2e7

SHA-1:
0184a37fb7e125a4a4ee9c289030226ec32ace6e

SHA-256:
f6748c5df167a90f3ef5558bff637331a1f9ee0188ac1b70222c0fd1b2c7f7ba

Scanner detections:
24 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
5/17/2024 12:02:52 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
MemScan:Application.Bundler.Outbrowse.Q
6547779

AhnLab V3 Security
PUP/Win32.OutBrowse
2015.03.19

Avira AntiVirus
PUA/Outbrowse.Gen
7.11.218.88

avast!
Malware-gen
150101-1

AVG
Potentially harmful program Downloader
2016.0.3166

Bitdefender
MemScan:Application.Bundler.Outbrowse.Q
1.0.20.385

Comodo Security
Application.Win32.AltBrowse.HY
21455

Dr.Web
Trojan.OutBrowse.14
9.0.1.077

Emsisoft Anti-Malware
MemScan:Application.Bundler.Outbrowse.Q
8.15.03.18.04

ESET NOD32
Win32/OutBrowse.BG potentially unwanted application
9.7.0.302.0

Fortinet FortiGate
Riskware/OutBrowse
3/18/2015

F-Secure
Riskware.MemScan:Application.Bundler.Outbrowse
5.13.68

G Data
MemScan:Application.Bundler.Outbrowse
15.3.25

herdProtect (fuzzy)
variant of teamviewer.exe (Adware)
2015.6.24.11

K7 AntiVirus
Unwanted-Program
13.186.14150

Malwarebytes
PUP.Optional.OutBrowse
v2015.03.18.05

McAfee
Adware-OutBrowse.c
5600.6822

MicroWorld eScan
MemScan:Application.Bundler.Outbrowse.Q
16.0.0.231

NANO AntiVirus
Trojan.Win32.OutBrowse.djpwim
0.30.8.659

Norman
MemScan:Application.Bundler.Outbrowse.Q
02.01.2015 13:58:24

Reason Heuristics
PUP.Bundler.Outbrowse
15.3.18.16

Sophos
PUA 'OutBrowse Revenyou'
5.11

Trend Micro House Call
Suspici.1E866FE6
7.2.175

VIPRE Antivirus
Threat.4150696
35088

File size:
563.7 KB (577,224 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\adobe reader.exe

Digital Signature
Signed by:
Mari Mara

Authority:
GlobalSign nv-sa

Valid from:
11/11/2014 4:10:16 AM

Valid to:
11/12/2015 4:10:16 AM

Subject:
CN=Mari Mara, O=Mari Mara, L=Dublin, C=IE

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112167C220B9C5568C1F2BDF4D04BEE1E24C

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:ojNoAgl/ehsHDnnoQyEnTKBvalmjqnaShoNGm:oI/jyGT0ljDSh8H

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file adobe reader.exe has been seen being distributed by the following URL.

http://get.file3desktop.com/DownloadManager/Get?p=15593&d=21343&l=20431&n=1&productname=Setup&exeurl=http://aihdownload.adobe.com/bin/.../install_reader11_uk_mssa_aaa_aih.exe&dynamicname=Adobe Reader&filename=Adobe Reader

Remove adobe reader.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.