installer.exe

The application installer.exe has been detected as a potentially unwanted program by 11 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs. The file has been seen being downloaded from get.desk2opapps.com.
Remove installer.exe - Powered by Reason Core Security
MD5:
6957205c9a8443431b95d9f5e7440bae

SHA-1:
8d7dc3c896df36b3e19e2126db34fba291932c4a

SHA-256:
367c148695c76e331838ef3eff1eefe441039266b27e5db2c5a61d697a46c079

Scanner detections:
11 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
12/11/2016 9:06:39 AM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.OutBrowse
2014.06.11

avast!
Rootkit-gen [Rtk]
140608-0

Dr.Web
Threat.Undefined
9.0.1.05190

ESET NOD32
Win32/OutBrowse.M potentially unwanted application
7.0.302.0

Fortinet FortiGate
Riskware/OutBrowse
6/10/2014

Malwarebytes
PUP.Optional.OutBrowse
v2014.06.10.10

McAfee
Adware-OutBrowse
5600.7104

NANO AntiVirus
Trojan.Win32.Generic.cthmwf
0.28.0.60253

SUPERAntiSpyware
Adware.Downloader/Variant
10552

Trend Micro House Call
TROJ_GEN.R0CBH06F614
7.2.161

VIPRE Antivirus
Threat.4823950
30086

Remove installer.exe - Powered by Reason Core Security
File size:
100.5 KB (102,953 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\installer.exe

File PE Metadata
Compilation timestamp:
12/5/2009 10:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:OgXdZt9P6D3XJBCq5Ky/9XO3jR0eWSzUu/0WJ:Oe34GqUQ9OzRgW/c6

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file installer.exe has been seen being distributed by the following URL.

Remove installer.exe - Powered by Reason Core Security