home

get_0108app_info

BOn dOn jOv

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The file get_0108app_info by BOn dOn jOv has been detected as adware by 23 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. According to AVG, this software downloads additional adware offers during setup.
Publisher:
BOn dOn jOv  (signed and verified)

MD5:
9f3cab553bf23f5273d8a475aa38aa13

SHA-1:
628d6dc5d44512fdacafa18c222bc5c4fb5344f7

SHA-256:
f484f25fc354e9cee09e1847b37d7ed33b3b4dc751d4e46dfaf19b481008fc7a

Scanner detections:
23 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/29/2024 4:40:48 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Bundler.Outbrowse.1
6411963

Agnitum Outpost
PUA.OutBrowse
7.1.1

AhnLab V3 Security
PUP/Win32.Eorezo
2015.02.11

Avira AntiVirus
APPL/Outbrowse.Gen
7.11.209.130

AVG
Downloader
2016.0.3202

Bitdefender
Gen:Variant.Application.Bundler.Outbrowse.1
1.0.20.210

Comodo Security
Application.Win32.AltBrowse.HY
21038

Dr.Web
infected with Trojan.OutBrowse.88
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Application.Bundler.Outbrowse
9.0.0.4799

ESET NOD32
Win32/OutBrowse.BU potentially unwanted application
7.0.302.0

Fortinet FortiGate
Riskware/OutBrowse
2/11/2015

F-Secure
Gen:Variant.Application.Bundler
11.2015-11-02_4

G Data
Gen:Variant.Application.Bundler.Outbrowse
15.2.25

K7 AntiVirus
DoS-Trojan
13.194.14930

Kaspersky
not-a-virus:Downloader.NSIS.OutBrowse
15.0.0.543

Malwarebytes
PUP.Optional.OutBrowse.gen
v2015.02.11.07

McAfee
Program.Adware-OutBrowse.e
16.8.708.2

MicroWorld eScan
Gen:Variant.Application.Bundler.Outbrowse.1
16.0.0.126

NANO AntiVirus
Trojan.Win32.OutBrowse.dnkyzt
0.30.0.65070

Reason Heuristics
PUP.Outbrowse
15.2.11.7

Trend Micro House Call
Suspici.B3BC0FA9
7.2.42

Vba32 AntiVirus
Downloader.OutBrowse
3.12.26.3

VIPRE Antivirus
Threat.4823950
37240

File size:
578 KB (591,896 bytes)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\Application data\idm\dwnldata\administrateur\get_0108app_info_155\get_0108app_info

Digital Signature
Signed by:
BOn dOn jOv

Authority:
thawte, Inc.

Valid from:
2/1/2015 1:00:00 PM

Valid to:
12/18/2015 12:59:00 PM

Subject:
CN=BOn dOn jOv, O=BOn dOn jOv, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
1F90E29060B700D6A2014E8405848982

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:CmtNSCXmligdHIyiMGCMYmr/O7B65tJYLeIp81swAoCeuhdGuDjY/Xr7:CZrQghIwGCbmbK8f82buhL0

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

Remove get_0108app_info - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.