» get
Overview
Analysis
File Details

get

OUTBROWSE

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The file get by OUTBROWSE has been detected as adware by 24 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.

File name:

get

Publisher:

OUTBROWSE (signed and verified)

MD5:

dedcc514871967001c4656c911000569

SHA-1:

57c9e379c226bcc286ce04fda77bce38e21a9b34

SHA-256:

998e6b12bab130c7d1217dd413815c40287aef67788d226b47cdafa50a44fe35

Scanner detections:

24 / 68

Status:

Adware

Explanation:

Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

4/24/2024 12:46:07 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

MemScan:Application.Bundler.Outbrowse.E

828

Agnitum Outpost

PUA.OutBrowse

7.1.1

AhnLab V3 Security

PUP/Win32.OutBrowse

2014.10.31

Avira AntiVirus

APPL/OutBrowse.lwasp

7.11.182.78

avast!

OutBrowse-H [PUP]

141025-0

AVG

Generic

2015.0.3306

Bitdefender

MemScan:Application.Bundler.Outbrowse.E

1.0.20.1515

Dr.Web

Adware.Downware.2081

9.0.1.05190

Emsisoft Anti-Malware

MemScan:Application.Bundler.Outbrowse

14.10.27

ESET NOD32

Win32/OutBrowse.R potentially unwanted application

7.0.302.0

F-Prot

W32/OutBrowse.B (exact, not disinfectable)

4.6.5.141

F-Secure

MemScan:Application.Bundler.Outbrowse

11.2014-30-10_5

G Data

MemScan:Application.Bundler.Outbrowse

14.10.24

K7 AntiVirus

Unwanted-Program

13.185.13853

Kaspersky

not-a-virus:AdWare.Win32.OutBrowse

15.0.0.494

Malwarebytes

PUP.Optional.OutBrowse

v2014.10.30.11

McAfee

Adware-OutBrowse

5600.6962

MicroWorld eScan

MemScan:Application.Bundler.Outbrowse.E

15.0.0.909

NANO AntiVirus

Riskware.Raw.OutBrowse.dbpywt

0.28.6.62995

nProtect

Trojan-Clicker/W32.OutBrowse.994200

14.10.30.01

Reason Heuristics

PUP.OUTBROWSE.H

14.10.27.9

Sophos

OutBrowse Revenyou

4.98

Vba32 AntiVirus

Downloader.Agent

3.12.26.3

VIPRE Antivirus

Threat.4150696

34232

File size:

970.9 KB (994,200 bytes)

Bundler/Installer:

OutBrowse Revenyou (using Nullsoft Install System)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\get

Digital Signature

Signed by:

OUTBROWSE

Authority:

COMODO CA Limited

Valid from:

4/6/2014 5:00:00 PM

Valid to:

4/7/2015 4:59:59 PM

Subject:

CN=OUTBROWSE, O=OUTBROWSE, STREET=Bialik Number: 143, L=Ramat Gan, S=Israel, PostalCode=5252337, C=IL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00A5F03C3A375C11FD6C1C160EE8BFF923

File PE Metadata

Compilation timestamp:

12/5/2009 3:50:52 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

24576:U7HXdyZNrNF/4lgGhpwJxmntY1VKc9IsTELQ74Bc:8HXc3BqXp6fScKsILql

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Entropy:

7.9250

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

Remove get - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.