» f_00bca9
Overview
Analysis
File Details
Downloads (2)

f_00bca9

The file f_00bca9 has been detected as a potentially unwanted program by 26 anti-malware scanners. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs. The file has been seen being downloaded from download1394.mediafire.com and multiple other hosts.

File name:

f_00bca9

MD5:

7b042f1be914dd7226e152e32a08417f

SHA-1:

3ae6ca20b49b2452b96db194e10426ad9d4cac6e

SHA-256:

a01d90c0d297d03761e2d4205676fec212ca81fc42b2cc23ad18e2773118b1df

Scanner detections:

26 / 68

Status:

Potentially unwanted

Explanation:

Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:

4/26/2024 6:06:33 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Application.OutBrowse.J

506

Agnitum Outpost

PUA.OutBrowse

7.1.1

AhnLab V3 Security

ASD.Reputation

2015.09.17

Avira AntiVirus

PUA/Outbrowse.Gen

8.3.2.2

Arcabit

Application.OutBrowse.J

1.0.0.541

avast!

NSIS:OutBrowse-BN [PUP]

2014.9-150916

AVG

MultiDropper_c

2016.0.2984

Baidu Antivirus

Trojan.Win32.Adload

4.0.3.15916

Bitdefender

Application.OutBrowse.J

1.0.20.1295

Bkav FE

HW32.Packed

1.3.0.7237

Dr.Web

Trojan.Siggen6.33552

9.0.1.0259

ESET NOD32

Win32/OutBrowse potentially unwanted

9.12263

F-Secure

Application.OutBrowse.J

11.2015-16-09_4

G Data

Application.OutBrowse

15.9.25

IKARUS anti.virus

Trojan-Downloader.Win32.Adload

t3scan.1.9.5.0

K7 AntiVirus

Adware

13.210.17236

Kaspersky

not-a-virus:AdWare.Win32.OutBrowse

14.0.0.1416

McAfee

Artemis!7B042F1BE914

5600.6640

MicroWorld eScan

Application.OutBrowse.J

16.0.0.777

NANO AntiVirus

Trojan.Win32.DownLoad3.dqapeg

0.30.24.3283

Panda Antivirus

Generic Suspicious

15.09.16.06

Qihoo 360 Security

HEUR/QVM41.2.Malware.Gen

1.0.0.1015

Quick Heal

AdWare.OutBrowse.r5 (Not a Virus)

9.15.14.00

Sophos

Generic PUA DK (PUA)

4.98

Vba32 AntiVirus

Adware.Outbrowse

3.12.26.4

VIPRE Antivirus

OutBrowse

43804

File size:

1.5 MB (1,611,020 bytes)

Common path:

C:\users\{user}\appdata\local\google\chrome\user data\default\cache\f_00bca9

File PE Metadata

Compilation timestamp:

1/31/2011 5:44:13 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

49152:iQ1I+nqNHVbnPJ659YTi4WVfdc9KVIBUA:iQ1fnqNHVLUjj4MfSQI2A

Entry address:

0x1D20

Entry point:

55, 8B, EC, 6A, FF, 68, 28, 21, 40, 00, 68, A0, 1E, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 88, 20, 40, 00, 59, 83, 0D, 54, 35, 40, 00, FF, 83, 0D, 58, 35, 40, 00, FF, FF, 15, 84, 20, 40, 00, 8B, 0D, CC, 32, 40, 00, 89, 08, FF, 15, 80, 20, 40, 00, 8B, 0D, C8, 32, 40, 00, 89, 08, A1, 7C, 20, 40, 00, 8B, 00, A3, 5C, 35, 40, 00, E8, 10, 01, 00, 00, 39, 1D, BC, 32, 40, 00, 75, 0C, 68, 9C, 1E, 40, 00, FF, 15, 78, 20... 
[+]

Developed / compiled with:

Microsoft Visual C++ v6.0

Code size:

4 KB (4,096 bytes)

The file f_00bca9 has been seen being distributed by the following 2 URLs.

http://download1394.mediafire.com/4wbwg0g8jiug/.../RemoveWAT 2.2.8.exe

http://download1492.mediafire.com/6ez0o8241tsg/.../RemoveWAT 2.2.8.exe

Remove f_00bca9 - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.