home

j4yzgykv.u2q

CLIck Yes

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The file j4yzgykv.u2q by CLIck Yes has been detected as adware by 18 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. According to AVG, this software downloads additional adware offers during setup. It is also typically executed from the user's temporary directory.
Publisher:
CLIck Yes  (signed and verified)

MD5:
286f0e3a5778ed01027ca3b129e75722

SHA-1:
8a81b9296639400aeb615acf3d92a495d49d30d9

SHA-256:
b972106eea9423650636d017d2dcaaf4b666ce09881694be41e68846581be78e

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
5/16/2024 4:16:50 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.OutBrowse
7.1.1

AhnLab V3 Security
PUP/Win32.OutBrowse
2015.03.10

Avira AntiVirus
PUA/Outbrowse.Gen
7.11.215.136

avast!
PUP-gen [PUP]
2014.9-150309

AVG
Potentially harmful program Downloader.DUK
2014.0.4257

Dr.Web
infected with Trojan.OutBrowse.115
9.0.1.068

ESET NOD32
Win32/OutBrowse.BU potentially unwanted application
9.7.0.302.0

Fortinet FortiGate
Riskware/OutBrowse
3/9/2015

herdProtect (fuzzy)
variant of 3xq1fzpc.liz (Adware)
2015.6.16.3

K7 AntiVirus
Trojan
13.200.15209

Malwarebytes
PUP.Optional.OutBrowse
v2015.03.09.11

McAfee
Program.Adware-OutBrowse.e
5600.6831

NANO AntiVirus
Riskware.Win32.OutBrowse.dorbcs
0.30.0.296

Reason Heuristics
PUP.Bundler.Outbrowse
15.3.9.23

Sophos
Generic PUA EP
4.98

Trend Micro House Call
TROJ_GE.58B8EAEF
7.2.68

Trend Micro
TROJ_GE.58B8EAEF
10.465.09

VIPRE Antivirus
Threat.4150696
38050

File size:
594.9 KB (609,168 bytes)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\j4yzgykv.u2q

Digital Signature
Signed by:
CLIck Yes

Authority:
thawte, Inc.

Valid from:
2/24/2015 5:00:00 PM

Valid to:
12/10/2015 4:59:59 PM

Subject:
CN=CLIck Yes, O=CLIck Yes, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
7A36B03E986FC883E45A62C491D55C89

File PE Metadata
Compilation timestamp:
12/5/2009 3:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:F2Bgkn9dpJPBGodX9wuJqkRBE9thsa8RhYL2PuFcHqlE:F2BxnthXWGBYm/Y6uGqu

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9446

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

Remove j4yzgykv.u2q - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.