mahjong1.exe

Freegies Mahjong

OutBrowse LTD

This is the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application mahjong1.exe by OutBrowse has been detected as adware by 17 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. This will plug into the web browser and collect information about the user's browsing activities (such as visited URLs) in order to display targeted popup advertisements. The file has been seen being downloaded from s3.amazonaws.com.

Publisher:
Freegies  (signed by OutBrowse LTD)

Product:
Freegies Mahjong

Version:
1.0

MD5:
e7ec26e3f0015fbc909d8c7ae3459980

SHA-1:
2b2b86401c14d8350b256fe055255acaf3e659d9

SHA-256:
5341aec7cb15ae08176eeac0fab3c7c9b8e58d5cb9708b02625781c78712c37a

Scanner detections:
17 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/26/2024 4:56:01 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:OutBrowse-HW [PUP] | 2014.9-150715 |
| AVG | MalSign.Generic | 2016.0.3141 |
| Bitdefender | MemScan:Application.Bundler.Outbrowse.K | 1.0.20.980 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Clam AntiVirus | Win.Adware.OutBrowse-4 | 0.98/21511 |
| Dr.Web | Adware.Downware.1336 | 9.0.1.0102 |
| ESET NOD32 | Win32/OutBrowse (variant) | 9.9025 |
| herdProtect (fuzzy) | | 2015.7.15.2 |
| Kaspersky | not-a-virus:Downloader.Win32.Agent | 14.0.0.1734 |
| Malwarebytes | PUP.Optional.OutBrowse | v2015.04.12.10 |
| McAfee | Artemis!85E6BAC3826B | 5600.6797 |
| MicroWorld eScan | MemScan:Application.Bundler.Outbrowse.K | 16.0.0.588 |
| Quick Heal | TrojanDownloader.NSIS.OutBrowse.B | 7.15.14.00 |
| Reason Heuristics | PUP.Bundler.Outbrowse | 15.4.12.18 |
| Total Defense | Win32/Tnega.MeQVDRC | 37.1.62.1 |
| Trend Micro House Call | TROJ_GEN.F47V1022 | 7.2.102 |
| VIPRE Antivirus | Adware.Adpopup | 39522 |

File size:
613.3 KB (627,968 bytes)

Copyright:
© Freegies

Trademarks:
Freegies Mahjong

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\mahjong1.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
2/25/2013 6:00:00 PM

Valid to:
2/26/2014 5:59:59 PM

Subject:
CN=OutBrowse LTD, O=OutBrowse LTD, L=Ramat Gan, S=Ramat Gan, C=IL, SERIALNUMBER=514686914, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IL

Issuer:
CN=Symantec Class 3 Extended Validation Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
06C1C2AE3E180ADDA27BBF2BD8EAC0E7

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:iExVgFdpNYPW0C82suV43om/XioeJeZN97krl3Q2:iE3WNY3C82ENCKG3Q2

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9772

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file mahjong1.exe has been seen being distributed by the following URL.
