mdbrt.exe

MDB Repair Tool

SkySof

The application mdbrt.exe has been detected as a potentially unwanted program by 13 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, and PC utilities, as well as other PUPs. The file has been seen being downloaded from getfilez.com.
Publisher:
SkySof

Product:
MDB Repair Tool

Version:
3.0

MD5:
2dfdc54ed3c72f6f68d863d23a1168da

SHA-1:
07a556cc2e0ab408d99259107dc9ef90ce14d3e1

SHA-256:
0517f0347ba2702c0a5ea6742e771c54a4d923cae0072ff844787359588e1374

Scanner detections:
13 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
4/26/2024 1:37:31 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | MalSign.Generic | 2014.0.3643 |
| Comodo Security | Application.Win32.Agent.~BRO | 17167 |
| Dr.Web | Adware.Downware.1360 | 9.0.1.0235 |
| ESET NOD32 | Win32/OutBrowse | 7.8973 |
| Fortinet FortiGate | W32/OutBrowse.D | 8/23/2013 |
| Kaspersky | not-a-virus:Downloader.NSIS.OutBrowse | 14.0.0.3766 |
| Malwarebytes | PUP.Optional.Smart | v2013.08.23.05 |
| McAfee | Artemis!E0D12C7880E1 | 5600.7176 |
| NANO AntiVirus | Trojan.Win32.OutBrowse.ccgruo | 0.26.0.55532 |
| Sophos | Generic PUA BC | 4.91 |
| Trend Micro House Call | TROJ_GEN.R0CBH07JK13 | 7.2.235 |
| Vba32 AntiVirus | Downloader.OutBrowse | 3.12.24.3 |
| VIPRE Antivirus | OutBrowse | 22780 |

File size:
573.3 KB (587,027 bytes)

Copyright:
© SkySof

Trademarks:
SkySof

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\mdbrt.exe

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:/S2ArFBW4zcfmQT5XxrxuiABXpf3PKk9hxsesWj7TlalYAyBMJG:/S3rFB5jK5XdlAbfXhllalhyag

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.9726

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file mdbrt.exe has been seen being distributed by the following URL.
