efcabfijfh.exe

bon don joV

Part of the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application efcabfijfh.exe by bon don joV has been detected as adware by 5 anti-malware scanners. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities as well as other PUPs. It is also typically executed from the user's temporary directory.
Publisher:
bon don joV  (signed and verified)

Version:
2015.45.120.64

MD5:
c00754f5f38d363670901e5b8f74edb9

SHA-1:
b4480f02f919dcb823621a96e41a9d1dae33f8b7

SHA-256:
ec656b23efb3c02cf7735369fd7351d554fe53957ed31d6eef1a1ecd22326cb9

Scanner detections:
5 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
9/16/2025 8:38:07 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.04.06 |
| Dr.Web | Trojan.OutBrowse.268 | 9.0.1.095 |
| G Data | Win32.Adware.Outbrowse | 15.4.25 |
| herdProtect (fuzzy) | | 2015.7.9.9 |
| Reason Heuristics | PUP.Outbrowse | 15.4.5.10 |

File size:
764 KB (782,368 bytes)

Product version:
2015.45.120.64

Copyright:
Copyright (C) 2015

Original file name:
20154512064.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\efcabfijfh.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
3/15/2015 7:00:00 PM

Valid to:
12/17/2015 5:59:59 PM

Subject:
CN=bon don joV, O=bon don joV, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
79FB29EF580EA8984C57F40342767D77

File PE Metadata
Compilation timestamp:
4/5/2015 7:00:26 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:6ZxrEI+2HiC0lp59Ftx0VdR5wllOaPnq1ZOBzggQbHE4uBOnkDoIb9dwjVms5/+:6fH+2HiC0lp59J0HRuHnq1ZONgxHE2nA

Entry address:
0x7A7CB

Entry point:
E8, 0A, A9, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, F0, 57, 49, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 68, 50, 49, 00, C9, C2, 08, 00, B8, 1F, 5C, 48, 00, A3, 78, 1F, 4B, 00, C7, 05, 7C, 1F, 4B, 00, 15, 53, 48, 00, C7, 05, 80, 1F, 4B, 00, C9, 52, 48, 00, C7, 05, 84, 1F, 4B, 00, 02, 53, 48, 00, C7, 05...
 

Entropy:
6.6125

Code size:
590.5 KB (604,672 bytes)
