isoburner_setup.exe

Cyberservices B.V.

Part of the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application isoburner_setup.exe by Cyberservices B.V. has been detected as adware by 12 anti-malware scanners. The file has been seen being downloaded from mediafreeware.com.
Publisher:
Cyberservices B.V.  (signed and verified)

MD5:
b606c69dd8afa0e4a8cc8d136289b801

SHA-1:
1f0b6fc8d632a3ba646c6924979649651df05dcc

SHA-256:
4ce3084a736aba4bc5552b26fc8c4b0580c253b11e1bc81564b74544bcf4ec8b

Scanner detections:
12 / 68

Status:
Adware

Analysis date:
4/25/2024 11:46:48 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| Avira AntiVirus | APPL/DownloadGuide.Gen2 | 7.11.171.66 |
| avast! | Win32:DownloadGuide-B [PUP] | 2014.9-140911 |
| AVG | BundleApp | 2015.0.3510 |
| ESET NOD32 | Win32/DownloadGuide (variant) | 8.9651 |
| G Data | Win32.Application.DownloadGuide | 14.4.24 |
| IKARUS anti.virus | PUA.DownloadGuide | t3scan.1.7.5.0 |
| Malwarebytes | PUP.Optional.Breitschopp | v2014.04.08.03 |
| McAfee | Artemis!B606C69DD8AF | 5600.7166 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.9.11.1 |
| Trend Micro House Call | TROJ_GEN.F47V0404 | 7.2.98 |
| VIPRE Antivirus | Trojan.Win32.Generic | 28128 |

File size:
445.4 KB (456,048 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\isoburner_setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/9/2014 4:00:00 PM

Valid to:
2/10/2016 3:59:59 PM

Subject:
CN=Cyberservices B.V., O=Cyberservices B.V., STREET=Keizersgracht 62-64 NL, L=Amsterdam, S=Nordholland, PostalCode=1015CS, C=NL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
797CAC4561E8B8B21910CD01E0002669

File PE Metadata
Compilation timestamp:
3/24/2014 2:03:17 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:zjk2l0jFmS8kaBHYG+jqUKZCVxsxCsMrkDQk1jvO+AzF6GH8VPflPrGGuhfiN5zg:z10WHYfoUsxCsLD5rKuVX1PN53ELP

Entry address:
0x19586

Entry point:
E8, 9E, 48, 00, 00, E9, 89, FE, FF, FF, 8B, 44, 24, 08, 8B, 4C, 24, 10, 0B, C8, 8B, 4C, 24, 0C, 75, 09, 8B, 44, 24, 04, F7, E1, C2, 10, 00, 53, F7, E1, 8B, D8, 8B, 44, 24, 08, F7, 64, 24, 14, 03, D8, 8B, 44, 24, 08, F7, E1, 03, D3, 5B, C2, 10, 00, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, AC, 6D, 42, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0...
 

Entropy:
6.9749

Code size:
144 KB (147,456 bytes)

The file isoburner_setup.exe has been seen being distributed by the following URL.
