home

line cookie run hack tool.exe

The application line cookie run hack tool.exe has been detected as a potentially unwanted program by 20 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs. The file has been seen being downloaded from dc715.4shared.com.
MD5:
ae4aae435848fb51a2eee7197182c648

SHA-1:
f6f025496193400b2867c05698aa9fa14f4b5d62

SHA-256:
b6a7f679dcf688902136d1fdd1a8a3b0553694e05aace19ad93b8892435c940a

Scanner detections:
20 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
5/6/2024 5:58:19 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.OutBrowse
7.1.1

AVG
MalSign.OutBrowse
2017.0.2663

Baidu Antivirus
Hacktool.Win32.OutBrowse
4.0.3.1683

Comodo Security
Application.Win32.OutBrowse.~A
17999

Dr.Web
Adware.Downware.1770
9.0.1.0216

ESET NOD32
Win32/OutBrowse (variant)
10.9600

Fortinet FortiGate
Riskware/NSIS_OutBrowse
8/3/2016

G Data
Win32.Application.OutBrowse
16.8.24

IKARUS anti.virus
not-a-virus:Downloader.NSIS
t3scan.2.2.29

K7 AntiVirus
Unwanted-Program
13.176.11566

Kaspersky
not-a-virus:Downloader.NSIS.OutBrowse
14.0.0.-191

Malwarebytes
PUP.Optional.OutBrowse
v2016.08.03.02

NANO AntiVirus
Trojan.Win32.OutBrowse.csrlza
0.28.0.58720

Qihoo 360 Security
Malware.QVM06.Gen
1.0.0.1015

Quick Heal
Trojan.NSIS.OutBrowse.b
8.16.12.00

Reason Heuristics
PUP.OutBrowse (M)
16.8.3.2

Sophos
OutBrowse
4.98

Trend Micro House Call
TROJ_GEN.R0CBB01CQ14
7.2.216

Vba32 AntiVirus
Downloader.OutBrowse
3.12.24.3

VIPRE Antivirus
OutBrowse
27768

File size:
616 KB (630,761 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\line cookie run hack tool.exe

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:BdFyhCfsMntd1zdwVWyK1EzotWlj+kzVX0xp+lHTNo5uLMxHeXAkepYsq4b:BTyhCfsMtpwof1EzotWln3M6VXopa4b

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9786

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file line cookie run hack tool.exe has been seen being distributed by the following URL.

http://dc715.4shared.com/download/.../Line_Cookie_Run_Hack_Tool.exe

Remove line cookie run hack tool.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.