» hack 2014.exe
Overview
Analysis
File Details
Downloads (1)

hack 2014.exe

The application hack 2014.exe has been detected as a potentially unwanted program by 14 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs. The file has been seen being downloaded from download1060.mediafire.com.

File name:

hack 2014.exe

MD5:

88ca4799c8a98785c0cdeb2b1f29dfd4

SHA-1:

f680f56f269fa1f8343ee2647aeac6128046eb42

SHA-256:

dc85727896923fc137c614fd941a9f0801c3283d7a6dd64a9a2af711dbdee6c3

Scanner detections:

14 / 68

Status:

Potentially unwanted

Explanation:

Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:

5/10/2024 1:14:42 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Dropped:Trojan.Generic.11672330

837

Agnitum Outpost

PUA.OutBrowse

7.1.1

AhnLab V3 Security

PUP/Win32.OutBrowse

2014.09.21

Avira AntiVirus

APPL/Downloader.Gen

7.11.173.134

avast!

Win32:Malware-gen

2014.9-141021

Bitdefender

Dropped:Trojan.Generic.11672330

1.0.20.1470

Dr.Web

Trojan.Packed.28644

9.0.1.0294

Emsisoft Anti-Malware

Dropped:Trojan.Generic.11672330

8.14.10.21.05

ESET NOD32

Win32/OutBrowse.AJ (variant)

8.10445

F-Secure

Dropped:Trojan.Generic.11672330

11.2014-21-10_3

G Data

Dropped:Trojan.Generic.11672330

14.10.24

MicroWorld eScan

Dropped:Trojan.Generic.11672330

15.0.0.882

NANO AntiVirus

Trojan.Win32.OutBrowse.deinil

0.28.2.62151

Trend Micro House Call

Suspici.12797D5E

7.2.294

File size:

709.9 KB (726,924 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

Language Neutral

File PE Metadata

Compilation timestamp:

12/6/2009 5:50:52 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:vPZm4Ry75XB/qc8iX9UEkUaM1iAq1uY4trfap+g9TCXdBNmi6LxV2m/h5hp8XLn:vw48b/qczqEVf1idYY4t7+vVCtBNluqT

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Entropy:

7.9473

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

The file hack 2014.exe has been seen being distributed by the following URL.

http://download1060.mediafire.com/k7cz1b7zciwg/.../Hack 2014.exe

Remove hack 2014.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.