file unlocker.exe

The application file unlocker.exe has been detected as a potentially unwanted program by 20 anti-malware scanners. This is a setup program which is used to install the application. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities, as well as other PUPs. The file has been seen being downloaded from www78.zippyshare.com.
MD5:
e83db8d59468db83e23d8dfb49c95c57

SHA-1:
2d3509b2ead6530432333f02a6d4640df804cc5c

SHA-256:
0ab69c0ac063bdd70da539a6a3b6f9387bb0305bfeb91f99326ffe4ff82d1d63

Scanner detections:
20 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
4/16/2024 3:54:25 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Dropped:Application.OutBrowse.B | 1000 |
| Baidu Antivirus | Hacktool.Win32.OutBrowse | 4.0.3.14511 |
| Bitdefender | Dropped:Application.OutBrowse.B | 1.0.20.655 |
| Dr.Web | Adware.Downware.2081 | 9.0.1.0131 |
| Emsisoft Anti-Malware | Gen:Variant.Zusy.84326 | 8.14.05.11.03 |
| ESET NOD32 | Win32/OutBrowse | 8.9783 |
| Fortinet FortiGate | Riskware/OutBrowse | 5/11/2014 |
| F-Secure | Dropped:Application.OutBrowse.B | 11.2014-11-05_1 |
| G Data | Dropped:Application.OutBrowse | 14.5.24 |
| K7 AntiVirus | Trojan | 13.177.12041 |
| Kaspersky | not-a-virus:Downloader.NSIS.OutBrowse | 14.0.0.3884 |
| MicroWorld eScan | Dropped:Application.OutBrowse.B | 15.0.0.393 |
| NANO AntiVirus | Trojan.Win32.Generic.cthmwf | 0.28.0.59608 |
| Panda Antivirus | Trj/CI.A | 14.05.11.03 |
| Qihoo 360 Security | Malware.QVM06.Gen | 1.0.0.1015 |
| Sophos | Generic PUA ME | 4.98 |
| Trend Micro House Call | TROJ_GE.F5FD59EC | 7.2.131 |
| Trend Micro | TROJ_GE.F5FD59EC | 10.465.11 |
| Vba32 AntiVirus | Downloader.OutBrowse | 3.12.26.0 |
| VIPRE Antivirus | Trojan.Win32.Generic | 29066 |

File size:
1.2 MB (1,265,770 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
6/9/2012 6:19:49 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:Z2O/GlRUTCqL3J7AGs1BpyLuW71zs9x/xPc5A6GbTSpUfzJZ1BQuQPKnI:feG3J7Spnx/xGGb6W71aKnI

Entry address:
0xAC87

Entry point:
E8, E3, FE, FF, FF, 33, C0, 50, 50, 50, 50, E8, 9F, 30, 00, 00, C3, 56, 57, 8B, 7C, 24, 0C, 8B, F1, 8B, CF, 89, 3E, E8, 8F, AB, FF, FF, 89, 46, 08, 89, 56, 0C, 8B, 87, 24, 0C, 00, 00, 89, 46, 10, 5F, 8B, C6, 5E, C2, 04, 00, 8B, C1, 8B, 08, 8B, 50, 10, 3B, 91, 24, 0C, 00, 00, 75, 0D, 6A, 00, FF, 70, 0C, FF, 70, 08, E8, 0E, B1, FF, FF, C3, 56, 8B, F1, 8B, 06, 85, C0, 74, 07, 50, FF, 15, C4, 40, 41, 00, 83, 26, 00, 83, 66, 08, 00, 83, 66, 0C, 00, 5E, C3, 56, 8B, F1, 80, 7E, 04, 00, 75, 34, 68, F4, 44, 41, 00...
 

Entropy:
7.9496  (probably packed)

Code size:
73 KB (74,752 bytes)

The file file unlocker.exe has been seen being distributed by the following URL.
