» forge.1.8.11.14.3.1474.installer.exe
Overview
Analysis
File Details
Downloads (1)

forge.1.8.11.14.3.1474.installer.exe

The application forge.1.8.11.14.3.1474.installer.exe has been detected as a potentially unwanted program by 20 anti-malware scanners. This is a setup and installation application, however the file is not signed with an authenticode signature from a trusted source. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.

File name:

MD5:

119a1a0b4edec9064a0d470da4291606

SHA-1:

c83b1be9f7f25d50b8689d88c474ef7f07d548fe

SHA-256:

9acbe84c981d48c52192d42d3ad8e1f0a0b483620dc31f6769b4e28038ead807

Scanner detections:

20 / 68

Status:

Potentially unwanted

Explanation:

Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:

4/25/2024 5:09:08 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Application.OutBrowse.J

377

Agnitum Outpost

PUA.OutBrowse

7.1.1

Avira AntiVirus

PUA/Outbrowse.Gen

8.3.2.2

Arcabit

Application.OutBrowse.J

1.0.0.425

avast!

NSIS:OutBrowse-BN [PUP]

2014.9-160124

Baidu Antivirus

PUA.Win32.Amonetize

4.0.3.16124

Bitdefender

Application.OutBrowse.J

1.0.20.120

Bkav FE

HW32.Packed

1.3.0.7133

Dr.Web

Trojan.Siggen6.33552

9.0.1.024

ESET NOD32

Win32/OutBrowse potentially unwanted

10.12151

F-Secure

Application.OutBrowse.J

11.2016-24-01_1

G Data

Application.OutBrowse

16.1.25

Kaspersky

not-a-virus:AdWare.Win32.OutBrowse

14.0.0.768

MicroWorld eScan

Application.OutBrowse.J

17.0.0.72

NANO AntiVirus

Trojan.Win32.DownLoad3.dqapeg

0.30.24.3079

Panda Antivirus

Trj/CI.A

16.01.24.11

Quick Heal

AdWare.OutBrowse.r5 (Not a Virus)

1.16.14.00

Reason Heuristics

PUP.OutBrowse (M)

16.1.24.11

Sophos

Generic PUA MI (PUA)

4.98

Vba32 AntiVirus

Adware.Outbrowse

3.12.26.4

File size:

1.5 MB (1,576,811 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\forge.1.8.11.14.3.1474.installer.exe

File PE Metadata

Compilation timestamp:

1/31/2011 9:44:13 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

24576:XQ9or8FYC2bVE9rXTDqNDLAKUayhuJhn/ZpHh3aKvchHEBEb/tYLnHqELXUuv4:XQ0qY3+nqNHVbnPJVvcmBE/uLKgPv4

Entry address:

0x1D20

Entry point:

55, 8B, EC, 6A, FF, 68, 28, 21, 40, 00, 68, A0, 1E, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 88, 20, 40, 00, 59, 83, 0D, 54, 35, 40, 00, FF, 83, 0D, 58, 35, 40, 00, FF, FF, 15, 84, 20, 40, 00, 8B, 0D, CC, 32, 40, 00, 89, 08, FF, 15, 80, 20, 40, 00, 8B, 0D, C8, 32, 40, 00, 89, 08, A1, 7C, 20, 40, 00, 8B, 00, A3, 5C, 35, 40, 00, E8, 10, 01, 00, 00, 39, 1D, BC, 32, 40, 00, 75, 0C, 68, 9C, 1E, 40, 00, FF, 15, 78, 20... 
[+]

Entropy:

7.8121

Developed / compiled with:

Microsoft Visual C++ v6.0

Code size:

4 KB (4,096 bytes)

The file forge.1.8.11.14.3.1474.installer.exe has been seen being distributed by the following URL.

http://is.gd/eL1gkl

Remove forge.1.8.11.14.3.1474.installer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.