dow.exe

OUTBROWSE

This is the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application dow.exe by OUTBROWSE has been detected as adware by 13 anti-malware scanners. The program is a setup application whose setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities and other PUPs. It is typically executed from the user's temporary directory.
Publisher:
OUTBROWSE  (signed and verified)

MD5:
e4101d211bb292acfe79d0ccc4d592b0

SHA-1:
362eba23cfdf112fded11dcd495fbf762cfc1da3

SHA-256:
82960e92ef10da349855a9b70791d95b8b69032cf92f461844edf366d6885782

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/29/2024 1:06:28 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | Generic | 2015.0.3377 |
| Baidu Antivirus | Adware.Win32.OutBrowse | 4.0.3.14820 |
| ESET NOD32 | Win32/OutBrowse.AB (variant) | 8.10284 |
| G Data | Win32.Application.Outbrowse | 14.8.24 |
| K7 AntiVirus | Trojan | 13.183.13014 |
| Kaspersky | not-a-virus:HEUR:AdWare.Win32.OutBrowse | 14.0.0.3378 |
| McAfee | Artemis!2080470E8DD8 | 5600.7030 |
| NANO AntiVirus | Riskware.Win32.OutBrowse.ddwemx | 0.28.2.61721 |
| Qihoo 360 Security | Win32/Virus.Adware.ec4 | 1.0.0.1015 |
| Reason Heuristics | PUP.OUTBROWSE.D | 14.8.20.11 |
| Sophos | OutBrowse Revenyou | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0807 | 7.2.234 |
| VIPRE Antivirus | OutBrowse | 32374 |

File size:
796.9 KB (816,000 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\dow.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
4/7/2014 2:00:00 AM

Valid to:
4/8/2015 1:59:59 AM

Subject:
CN=OUTBROWSE, O=OUTBROWSE, STREET=Bialik Number: 143, L=Ramat Gan, S=Israel, PostalCode=5252337, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A5F03C3A375C11FD6C1C160EE8BFF923

File PE Metadata
Compilation timestamp:
8/19/2014 7:16:55 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:Vu21k2px0um9aP0FVbMhUsYQEqrMcnwkF9g6dq7:v1k2px05QPkVbMhUvQElcwkF9g6dq7

Entry address:
0x7F2F2

Entry point:
E8, F8, A8, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 8B, 73, 08, 33, 35, F0, 99, 4B, 00, 57, 8B, 06, C6, 45, FF, 00, C7, 45, F4, 01, 00, 00, 00, 8D, 7B, 10, 83, F8, FE, 74, 0D, 8B, 4E, 04, 03, CF, 33, 0C, 38, E8, 8C, AB, FF, FF, 8B, 4E, 0C, 8B, 46, 08, 03, CF, 33, 0C, 38, E8, 7C, AB, FF, FF, 8B, 45, 08, F6, 40, 04, 66, 0F, 85, 19, 01, 00, 00, 8B, 4D, 10, 8D, 55, E8, 89, 53, FC, 8B, 5B, 0C, 89, 45, E8, 89, 4D, EC, 83, FB, FE, 74, 5F, 8D, 49, 00, 8D, 04...
 

Code size:
611 KB (625,664 bytes)
