goatsimulatorfulldownloader.exe

The application goatsimulatorfulldownloader.exe has been detected as a potentially unwanted program by 16 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities and other PUPs. The file has been seen being downloaded from ia802503.us.archive.org and multiple other hosts.
MD5:
a9e03da3fc7d98d016a8586c36355a34

SHA-1:
faf634b1e6d812ed342f72d10d5b50ef67b413ce

SHA-256:
51430264c0de2ef724e09ced0bfb9161b9841703d668fd48160c4a2692d0dc91

Scanner detections:
16 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
4/19/2024 6:53:11 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Dropped:Adware.Generic.955625 | 947 |
| Agnitum Outpost | PUA.OutBrowse | 7.1.1 |
| Avira AntiVirus | APPL/Downloader.Gen | 7.11.157.214 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-140703 |
| Baidu Antivirus | Adware.Win32.OutBrowse | 4.0.3.1473 |
| Bitdefender | Dropped:Adware.Generic.955625 | 1.0.20.920 |
| Dr.Web | Adware.Downware.5333 | 9.0.1.0184 |
| Emsisoft Anti-Malware | Dropped:Adware.Generic.955625 | 8.14.07.03.03 |
| ESET NOD32 | Win32/OutBrowse | 8.10025 |
| F-Secure | Dropped:Adware.Generic.955625 | 11.2014-03-07_5 |
| G Data | Dropped:Adware.Generic.955625 | 14.7.24 |
| Malwarebytes | PUP.Optional.OutBrowse | v2014.07.03.03 |
| McAfee | RDN/Generic PUP.x!chn | 5600.7081 |
| MicroWorld eScan | Dropped:Adware.Generic.955625 | 15.0.0.552 |
| Trend Micro House Call | TROJ_GE.91F69D18 | 7.2.184 |
| VIPRE Antivirus | OutBrowse | 30836 |

File size:
967.9 KB (991,086 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\goatsimulatorfulldownloader.exe

File PE Metadata
Compilation timestamp:
12/6/2009 6:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:HoCCHCg6+0w5gV9iQpRsBsJmwUIbCX2dJ63Ddhx9d7S3+IRzbP:ICCdFWVgQgBymwUIhH63DXxu3B/

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9230

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file goatsimulatorfulldownloader.exe has been seen being distributed by the following 2 URLs.
