installer 1.1.4.exe

The application installer 1.1.4.exe has been detected as a potentially unwanted program by 23 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities as well as other PUPs. The file has been seen being downloaded from doc-0s-1s-docs.googleusercontent.com and multiple other hosts.
MD5:
edc85e177fc843b377bf3c1e5c5e7a8c

SHA-1:
e3250a7e057fcb5a395426d2c03cb473fb317c99

SHA-256:
ec2077546648c9d54e59cfb2d2ed4c2a198a3e432a426b1b0426dcac1be7eedd

Scanner detections:
23 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
5/16/2024 3:41:34 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Dropped:Application.OutBrowse.B | 900 |
| AhnLab V3 Security | PUP/Win32.OutBrowse | 2014.06.17 |
| Baidu Antivirus | Adware.Win32.OutBrowse | 4.0.3.14819 |
| Bitdefender | Dropped:Application.OutBrowse.B | 1.0.20.1155 |
| Dr.Web | Adware.Downware.2081 | 9.0.1.0231 |
| ESET NOD32 | Win32/OutBrowse | 8.9953 |
| Fortinet FortiGate | Riskware/OutBrowse | 8/19/2014 |
| F-Secure | Dropped:Application.OutBrowse.B | 11.2014-19-08_3 |
| G Data | Dropped:Application.OutBrowse | 14.8.24 |
| IKARUS anti.virus | AdWare.Downware | t3scan.1.6.1.0 |
| K7 AntiVirus | Riskware | 13.1712422 |
| Kaspersky | not-a-virus:Downloader.NSIS.OutBrowse | 14.0.0.3383 |
| McAfee | Artemis!EDC85E177FC8 | 5600.7034 |
| MicroWorld eScan | Dropped:Application.OutBrowse.B | 15.0.0.693 |
| NANO AntiVirus | Trojan.Win32.Generic.cthmwf | 0.28.0.60253 |
| Panda Antivirus | Trj/CI.A | 14.08.19.07 |
| Qihoo 360 Security | Win32/Virus.Downloader.5e8 | 1.0.0.1015 |
| Quick Heal | Downloader.NSIS.r5 (Not a Virus) | 8.14.14.00 |
| Sophos | Generic PUA OD | 4.98 |
| Trend Micro House Call | TROJ_GEN.R0CBC0OEN14 | 7.2.231 |
| Trend Micro | TROJ_GEN.R0CBC0OEN14 | 10.465.19 |
| Vba32 AntiVirus | Downloader.OutBrowse | 3.12.26.0 |
| VIPRE Antivirus | Trojan.Win32.Generic | 30352 |

File size:
965.4 KB (988,557 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\installer 1.1.4.exe

File PE Metadata
Compilation timestamp:
12/5/2009 10:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:Tp7mcC0Wa3k3p8SJiJYWJipUi7vcJ3YONye1tVAwjbPQl78:dilQkZpJiGWJipU+EGOA4tVh/PS78

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9243

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file installer 1.1.4.exe has been seen being distributed by the following 2 URLs.
