bitcomet.exe.exe

Bon Don Jov

This is the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application bitcomet.exe.exe by Bon Don Jov has been detected as adware by 31 anti-malware scanners. The program is a setup application built on the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities and other PUPs.
Publisher:
Bon Don Jov  (signed and verified)

MD5:
d4fe036845f66f664d8d8a8f82b260d1

SHA-1:
c0af5e4f162ce2c2fdb0f23d30909af3d136e1f8

SHA-256:
be3c91ba19102b4ef5477c9930ace67d5e57fe068aa7695cb3b22fb499905077

Scanner detections:
31 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/26/2024 4:33:04 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Dropped:Trojan.Generic.12946266 | 5690745 |
| Agnitum Outpost | PUA.OutBrowse.Gen.VU | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.04.25 |
| Avira AntiVirus | PUA/Outbrowse.Gen | 3.6.1.96 |
| avast! | OutBrowse-II [PUP] | 150423-1 |
| AVG | Adware Generic6.ACXG | 2014.0.4311 |
| Bitdefender | Dropped:Trojan.Generic.12946266 | 1.0.20.575 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Dr.Web | Trojan.OutBrowse.54 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Dropped:Trojan.Generic.12946266 | 9.0.0.4799 |
| ESET NOD32 | Win32/OutBrowse.BU potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Adware/OutBrowse | 4/25/2015 |
| F-Prot | W32/OutBrowse.M (exact, not disinfectable) | 4.6.5.141 |
| F-Secure | Trojan.Generic.12946266 | 11.2015-25-04_7 |
| G Data | Dropped:Trojan.Generic.12946266 | 15.4.25 |
| herdProtect (fuzzy) | | 2015.7.26.5 |
| IKARUS anti.virus | PUA.OutBrowse | t3scan.1.8.9.0 |
| K7 AntiVirus | Unwanted-Program | 13.203.15706 |
| Kaspersky | not-a-virus:AdWare.Win32.OutBrowse | 15.0.0.543 |
| Malwarebytes | PUP.Optional.OutBrowse | v2015.04.25.03 |
| McAfee | Program.Adware-OutBrowse.e | 16.8.708.2 |
| MicroWorld eScan | Dropped:Trojan.Generic.12946266 | 16.0.0.345 |
| NANO AntiVirus | Trojan.Win32.Generic.dorbnj | 0.30.20.1219 |
| nProtect | Trojan-Clicker/W32.OutBrowse.626392 | 15.04.24.01 |
| Quick Heal | Adware.NSIS.OutBrowse.A | 4.15.14.00 |
| Reason Heuristics | Threat.Outbrowse.Bundler | 15.4.24.22 |
| Sophos | OutBrowse Revenyou | 4.98 |
| Trend Micro House Call | TROJ_GE.82AD8CDA | 7.2.115 |
| Trend Micro | TROJ_GE.82AD8CDA | 10.465.25 |
| Vba32 AntiVirus | AdWare.OutBrowse | 3.12.26.3 |
| VIPRE Antivirus | Threat.4784459 | 39354 |

File size:
611.7 KB (626,392 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\ProgramData\windows vxm\program\bitcomet.exe.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
11/19/2014 3:36:12 AM

Valid to:
11/20/2015 3:36:12 AM

Subject:
CN=Bon Don Jov, O=Bon Don Jov, L=Dublin, C=IE

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112120D679EF1EE7D9572B904048A1A11800

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:g1aFDCuv8kwtvoDmtypWBPrzbGCYHw16jkh5mSM5t8IBa10QKrApgVW:g1eDd8kwtvtgpWBTzZx6jkhES0tBC0Q2

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9468

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
