» file.exe
Overview
Analysis
File Details

file.exe

DaiLy AppS fOrfOr

The application file.exe by DaiLy AppS fOrfOr has been detected as adware by 10 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs. It is also typically executed from the user's temporary directory.

File name:

file.exe

Publisher:

DaiLy AppS fOrfOr (signed and verified)

MD5:

e1ef6f2688de079042631fc1904870da

SHA-1:

7e616a19f4863ba6745e37de1d2c23c10608c2d0

SHA-256:

c676bd265a7044e5f661ef7be48ea16632a1430cce57c83fdfa97c431c54670c

Scanner detections:

10 / 68

Status:

Adware

Explanation:

Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:

5/14/2024 11:45:40 AM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

PUP/Win32.OutBrowse

2015.03.26

Avira AntiVirus

PUA/Outbrowse.Gen

3.6.1.96

Comodo Security

Application.Win32.AltBrowse.HY

21540

Dr.Web

infected with Trojan.OutBrowse.190

9.0.1.05190

ESET NOD32

Win32/OutBrowse.BU potentially unwanted application

7.0.302.0

G Data

NSIS.Application.OutBrowse.AC

15.3.25

Malwarebytes

PUP.Optional.OutBrowse

v2015.03.26.02

McAfee

Adware-OutBrowse.e

5600.6815

Quick Heal

Adware.NSIS.OutBrowse.A

3.15.14.00

Reason Heuristics

PUP.Installer.DaiLyAppSfOrfOr

15.3.26.2

File size:

597.3 KB (611,672 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\file.exe

Digital Signature

Signed by:

DaiLy AppS fOrfOr

Authority:

thawte, Inc.

Valid from:

3/23/2015 11:00:00 AM

Valid to:

1/28/2016 10:59:59 AM

Subject:

CN=DaiLy AppS fOrfOr, O=DaiLy AppS fOrfOr, L=Dublin, S=Dublin, C=IE

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

07287FBE69E60C7CEE7918973B8AD4E4

File PE Metadata

Compilation timestamp:

12/6/2009 9:50:52 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:CbsqqXM/J3WHOtzx0thPuclKDIrr85yEu2AvNOKmfB:CbLEkM9uclKcroyEOvNM

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

Remove file.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.