home

installer_adobe_flash_player_english.exe

SAFe store btw

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The application installer_adobe_flash_player_english.exe by SAFe store btw has been detected as adware by 21 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. According to AVG, this software downloads additional adware offers during setup.
Publisher:
SAFe store btw  (signed and verified)

MD5:
1c2494b9a90f5539b68576c0a8ac67cd

SHA-1:
fff2c02d32742310f4277b095e79435deadcca76

SHA-256:
59fd8f09e71dbd76cede749b64be3fb77f0fe584a815ec28f09256abc692fb36

Scanner detections:
21 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
5/4/2024 1:40:57 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Dropped:Trojan.Generic.13261751
5777739

Agnitum Outpost
PUA.OutBrowse
7.1.1

AhnLab V3 Security
PUP/Win32.OutBrowse
2015.04.29

Avira AntiVirus
PUA/Outbrowse.Gen
3.6.1.96

AVG
Downloader
2016.0.3125

Bitdefender
Dropped:Trojan.Generic.13261751
1.0.20.590

Dr.Web
infected with Trojan.OutBrowse.437
9.0.1.05190

Emsisoft Anti-Malware
Dropped:Trojan.Generic.13261751
9.0.0.4799

ESET NOD32
Win32/OutBrowse.BU potentially unwanted
9.11545

Fortinet FortiGate
Riskware/OutBrowse
4/28/2015

F-Secure
Dropped:Trojan.Generic.13261751
5.13.68

G Data
Dropped:Trojan.Generic.13261751
15.4.25

K7 AntiVirus
Adware
13.203.15734

McAfee
Program.Adware-OutBrowse.e
16.8.708.2

MicroWorld eScan
Dropped:Trojan.Generic.13261751
16.0.0.354

NANO AntiVirus
Trojan.Win32.OutBrowse.dqzhmi
0.30.24.1357

Quick Heal
Adware.NSIS.OutBrowse.A
4.15.14.00

Reason Heuristics
PUP.Outbrowse.Bundler
15.4.28.14

Sophos
Generic PUA HB
4.98

Trend Micro House Call
Suspici.F56DE516
7.2.118

VIPRE Antivirus
Threat.4823950
39486

File size:
576.5 KB (590,288 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\installer_adobe_flash_player_english.exe

Digital Signature
Signed by:
SAFe store btw

Authority:
thawte, Inc.

Valid from:
3/7/2015 7:00:00 PM

Valid to:
1/27/2016 6:59:59 PM

Subject:
CN=SAFe store btw, O=SAFe store btw, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
320771129CDF5E84E404CA0FEC102EE3

File PE Metadata
Compilation timestamp:
12/5/2009 5:52:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:rr25zhet6h7BWLrtZHmEAWeFjkmASGamPqj1d/vSnR6G2SzkOfy+:rr25Et6hQZHmEL1CmPqNanAUzkOL

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9425

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

Remove installer_adobe_flash_player_english.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.