ff8installer.exe

OutBrowse Ltd

Part of the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application ff8installer.exe by OutBrowse has been detected as adware by 2 anti-malware scanners. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities, and other PUPs.
Publisher:
OutBrowse Ltd  (signed and verified)

MD5:
2f5101305916b227b567093af1032c14

SHA-1:
3b271f843b1561049455ccb0ddadbeb29dddb81a

SHA-256:
f60406ed6a51fb57e8a921f16bdf00e81dd78ae1c5acadc0c7c06879cf3ea1f7

Scanner detections:
2 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
4/25/2024 4:53:33 PM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP.OutBrowse.M | 14.8.7.17
VIPRE Antivirus | OutBrowse | 19974

File size:
470.4 KB (481,640 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\mixi.dj\ff8installer.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/10/2012 7:00:00 PM

Valid to:
1/10/2013 6:59:59 PM

Subject:
CN=OutBrowse Ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=OutBrowse Ltd, L=Ramat Gan, S=Merkaz, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
51AC0634BE5BEE7A290676D4A583D04A

File PE Metadata
Compilation timestamp:
8/27/2012 12:28:56 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
12288:cdwtQwsp7I0zuKMx2k0zN7ymde94W4K+KQZ7sdwtQ:cdwG71I0zu6k67lROPO7q

Entry address:
0x4B6A3

Entry point:
E8, 43, 83, 00, 00, E9, A5, FE, FF, FF, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A4, 01, 00, 00, 81, F9, 00, 01, 00, 00, 72, 1F, 83, 3D, 40, 29, 47, 00, 00, 74, 16, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 08, 5E, 5F, 5D, E9, 11, 84, 00, 00, F7, C7, 03, 00, 00, 00, 75, 15, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 2A, F3, A5, FF, 24, 95, 24, B8, 44, 00, 90, 8B, C7, BA, 03, 00, 00, 00, 83, E9, 04, 72, 0C, 83, E0, 03...
 

Entropy:
6.7209

Code size:
383 KB (392,192 bytes)
