home

cccabfefgb.exe

click YES

Part of the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The application cccabfefgb.exe, “ Install Your Software” by click YES has been detected as adware by 21 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup. It is also typically executed from the user's temporary directory.
Publisher:
click YES  (signed and verified)

Description:
Install Your Software

Version:
2015.21.955.6

MD5:
124be2ecdf3bd71ef6f111ec37ba23f6

SHA-1:
7649c2dec2261fe0f15c25194f8b2cfedd3a4c98

SHA-256:
0ab7c69f55eb354e3596e1490f0ad77385926067e9edfafcdf43f2d54c482869

Scanner detections:
21 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
4/19/2024 4:04:34 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.OutBrowse
7.1.1

AhnLab V3 Security
PUP/Win32.OutBrowse
2015.02.23

avast!
Win32:OutBrowse-EA [PUP]
2014.9-150227

AVG
Downloader
2016.0.3185

Baidu Antivirus
PUA.Win32.OutBrowse
4.0.3.15227

Clam AntiVirus
Win.Trojan.Outbrowse-4
0.98/21511

Dr.Web
Trojan.KillFiles.22265
9.0.1.058

ESET NOD32
Win32/OutBrowse.BA potentially unwanted (variant)
9.11215

Fortinet FortiGate
Riskware/OutBrowse
2/27/2015

K7 AntiVirus
Trojan
13.197.15043

Kaspersky
not-a-virus:Downloader.NSIS.OutBrowse
14.0.0.2421

McAfee
Artemis!124BE2ECDF3B
5600.6841

NANO AntiVirus
Trojan.Win32.KillFiles.dmtzdt
0.30.0.296

Panda Antivirus
Generic Suspicious
15.02.27.09

Qihoo 360 Security
Win32/Virus.Downloader.46f
1.0.0.1015

Reason Heuristics
PUP.Installer.Outbrowse
15.2.27.21

Sophos
Generic PUA HG
4.98

Trend Micro House Call
TROJ_GEN.R02ZH07BE15
7.2.58

Vba32 AntiVirus
Downloader.OutBrowse
3.12.26.3

VIPRE Antivirus
Trojan.Win32.Generic
37794

Zillya! Antivirus
Downloader.OutBrowse.Win32.1193
2.0.0.2077

File size:
822.7 KB (842,424 bytes)

Product version:
2015.21.955.6

Copyright:
Copyright (C) 2015

Original file name:
2015219556.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\cccabfefgb.exe

Digital Signature
Signed by:
click YES

Authority:
thawte, Inc.

Valid from:
1/27/2015 6:00:00 PM

Valid to:
12/10/2015 5:59:59 PM

Subject:
CN=click YES, O=click YES, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
0EBB20630C1F4A78AE1D671C5B78A1AE

File PE Metadata
Compilation timestamp:
2/1/2015 3:55:31 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:jo5S1D5svi7drotuH+6q/seuKOo/vcsHllP/fJeFyPK:M5S1D5sK71otuH+L/shKOoXhDP/BeFyy

Entry address:
0x854B5

Entry point:
E8, F0, AC, 00, 00, E9, 89, FE, FF, FF, CC, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 8B, 73, 08, 33, 35, 40, FA, 4B, 00, 57, 8B, 06, C6, 45, FF, 00, C7, 45, F4, 01, 00, 00, 00, 8D, 7B, 10, 83, F8, FE, 74, 0D, 8B, 4E, 04, 03, CF, 33, 0C, 38, E8, 4C, A4, FF, FF, 8B, 4E, 0C, 8B, 46, 08, 03, CF, 33, 0C, 38, E8, 3C, A4, FF, FF, 8B, 45, 08, F6, 40, 04, 66, 0F, 85, 19, 01, 00, 00, 8B, 4D, 10, 8D, 55, E8, 89, 53, FC, 8B, 5B, 0C, 89, 45, E8, 89, 4D, EC, 83, FB, FE, 74, 5F, 8D, 49, 00, 8D, 04, 5B, 8B, 4C...
 
[+]

Entropy:
6.6203

Code size:
636 KB (651,264 bytes)

Remove cccabfefgb.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.