installation.exe

VUDGOFF LLC

This is a bundle installer that packages applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application installation.exe by VUDGOFF has been detected as adware by 17 anti-malware scanners. The program is a setup application that uses the ProfitServis Downloader installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities and other PUPs.
Publisher:
VUDGOFF LLC  (signed and verified)

MD5:
619770aa979b4c2c4a442a2d1b1f1647

SHA-1:
c874d7e0a425c03801d3e1e4a61347d745ab7284

SHA-256:
d27268581c82ca983b5e4f84832bed29efce5179af2cf8b7b5d4eac0f5e63de4

Scanner detections:
17 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/25/2024 8:00:12 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | PUA.OutBrowse | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.02.01 |
| Avira AntiVirus | APPL/Outbrowse.Gen | 7.11.206.68 |
| Comodo Security | Application.Win32.OutBrowse.MQPC | 20920 |
| Dr.Web | infected with Trojan.OutBrowse.58 | 9.0.1.05190 |
| ESET NOD32 | Win32/OutBrowse.BQ potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/OutBrowse | 2/1/2015 |
| F-Secure | Riskware.Gen:Application.Heur.wz1@muQ3iNai | 5.13.68 |
| K7 AntiVirus | Trojan | 13.193.14824 |
| Kaspersky | not-a-virus:Downloader.NSIS.OutBrowse | 15.0.0.543 |
| Malwarebytes | PUP.Optional.OutBrowse | v2015.02.01.04 |
| McAfee | Program.Adware-OutBrowse.d | 16.8.708.2 |
| NANO AntiVirus | Trojan.Win32.OutBrowse.dlwssj | 0.30.0.65070 |
| Reason Heuristics | PUP.ProfitServis | 15.2.1.4 |
| Trend Micro House Call | Suspici.202D3B0F | 7.2.32 |
| Vba32 AntiVirus | Downloader.OutBrowse | 3.12.26.3 |
| VIPRE Antivirus | Threat.4657539 | 36694 |

File size:
581.1 KB (595,072 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
ProfitServis Downloader (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\installation.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
12/17/2014 6:00:00 PM

Valid to:
12/18/2015 5:59:59 PM

Subject:
CN=VUDGOFF LLC, O=VUDGOFF LLC, L=Kalush, S=Alberta, C=UA

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
45535EA60C43A8EC88A3E4FF6C71827F

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:vfrjCjf+99WnNS/t1fzfViXOKPg6PRaRsf+5Y2CmN0K:vfrjeQ1RBuOKPt8r5YAR

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9743

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
