burn4free_setup.exe

Sakysoft s.r.l.

The application burn4free_setup.exe by Sakysoft s.r.l. has been detected as a potentially unwanted program by 16 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, and PC utilities, as well as other PUPs. The file has been seen being downloaded from directdownload.burn4free.com.
Publisher:
Sakysoft s.r.l.  (signed and verified)

MD5:
08fbbc9656d419142ed066fa546e24cd

SHA-1:
0ac4d4e324e0fdb493e212b55e2147c25a34aa9c

SHA-256:
5dd6afb4133ecd40dc48b47bb0a7715b85535c4ea6eb9b7bfee0b610f3a67c49

Scanner detections:
16 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
4/25/2024 6:54:39 AM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | PUA.OutBrowse | 7.1.1
AVG | MalSign.OutBrowse | 2015.0.3472
Comodo Security | Application.Win32.OutBrowse.~A | 17897
Dr.Web | Adware.Downware.1770 | 9.0.1.0137
ESET NOD32 | Win32/OutBrowse (variant) | 8.9511
Fortinet FortiGate | Riskware/NSIS_OutBrowse | 5/17/2014
IKARUS anti.virus | not-a-virus:Downloader.NSIS | t3scan.2.2.29
K7 AntiVirus | Unwanted-Program | 13.176.11367
Kaspersky | not-a-virus:Downloader.NSIS.OutBrowse | 14.0.0.3855
Malwarebytes | PUP.Optional.OutBrowse | v2014.05.17.12
NANO AntiVirus | Trojan.Win32.OutBrowse.csrlza | 0.28.0.58101
Reason Heuristics | PUP.Optional.Installer.P | 14.5.17.0
Sophos | OutBrowse | 4.98
Trend Micro House Call | TROJ_GE.D4A3A3C9 | 7.2.137
Vba32 AntiVirus | Downloader.OutBrowse | 3.12.24.3
VIPRE Antivirus | OutBrowse | 27158

File size:
621.2 KB (636,152 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/4/2014 8:00:00 AM

Valid to:
3/4/2016 7:59:59 AM

Subject:
CN=Sakysoft s.r.l., O=Sakysoft s.r.l., STREET=Via Gorghi 6, L=Udine, S=UD, PostalCode=33100, C=IT

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00ECE0C7777AC73E48E3B63042EDCAEEB6

File PE Metadata
Compilation timestamp:
12/6/2009 6:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:v4FyhCfsMntd1zdwVWyK1EzotWlj+kzVX0xp+lHTNo5uLMxHeXAkepYsq4k:vIyhCfsMtpwof1EzotWln3M6VXopa4k

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9784

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file burn4free_setup.exe has been seen being distributed by the following URL.
