media_player_classic.exe

OutBrowse LTD

This is the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and may be installed without consent. The application media_player_classic.exe by OutBrowse has been detected as adware by 25 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. It installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts.
Publisher:
OutBrowse LTD (signed and verified)

MD5:
338ace4830e4d573c07c5674768eca3b

SHA-1:
7f0a298f3117ad4bd957a4c2054498e695b92843

SHA-256:
d351412d48ece1a706fee16f49fc976a42778be8606b2d70912a05cb83643831

Scanner detections:
25 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is an installer which may bundle legitimate applications with offers for additional third-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
4/18/2024 7:03:16 AM UTC

Scan engine              | Detection                            | Engine version
Lavasoft Ad-Aware        | Application.Bundler.Outbrowse.A      | 865
Agnitum Outpost          | PUA.OutBrowse                        | 7.1.1
Avira AntiVirus          | APPL/Downloader.Gen                  | 7.11.167.204
AVG                      | MalSign.Generic                      | 2015.0.3343
Bitdefender              | Application.Bundler.Outbrowse.A      | 1.0.20.1330
Bkav FE                  | W32.Clod7a6.Trojan                   | 1.3.0.4613
Dr.Web                   | Adware.Downware.1336                 | 9.0.1.0266
ESET NOD32               | Win32/OutBrowse (variant)            | 8.9176
F-Secure                 | Application.Bundler.Outbrowse        | 11.2014-23-09_3
G Data                   | Application.Bundler.Outbrowse        | 14.9.24
herdProtect (fuzzy)      |                                      | 2014.12.5.9
IKARUS anti.virus        | not-a-virus:Downloader.NSIS          | t3scan.2.2.29
K7 AntiVirus             | Unwanted-Program                     | 13.174.10509
Kaspersky                | not-a-virus:Downloader.Win32.Agent   | 14.0.0.3209
Malwarebytes             | PUP.Optional.OutBrowse               | v2014.09.23.07
McAfee                   | Artemis!8ADC49DA0887                 | 5600.6999
MicroWorld eScan         | Application.Bundler.Outbrowse.A      | 15.0.0.798
NANO AntiVirus           | Riskware.Win32.Downware.dccolm       | 0.28.2.61519
Panda Antivirus          | Trj/NsisDownloader.A                 | 14.09.23.07
Qihoo 360 Security       | Win32/Virus.Downloader.4f1           | 1.0.0.1015
Quick Heal               | TrojanDownloader.NSIS.OutBrowse.B    | 9.14.14.00
Reason Heuristics        | PUP.OutBrowse.U                      | 14.9.23.7
Sophos                   | OutBrowse Revenyou                   | 4.96
Trend Micro House Call   | TROJ_GEN.F47V1106                    | 7.2.339
Vba32 AntiVirus          | Downloader.OutBrowse                 | 3.12.24.3

File size:
611.6 KB (626,296 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
2/26/2013 1:00:00 AM

Valid to:
2/27/2014 12:59:59 AM

Subject:
CN=OutBrowse LTD, O=OutBrowse LTD, L=Ramat Gan, S=Ramat Gan, C=IL, SERIALNUMBER=514686914, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IL

Issuer:
CN=Symantec Class 3 Extended Validation Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
06C1C2AE3E180ADDA27BBF2BD8EAC0E7

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:DJvNHNrhLEfczFNjk05ZBmNyYGEYTSfx7YaQRhimr:D/phEy3mNYEYKJQRhim

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file media_player_classic.exe has been seen being distributed by the following 2 URLs.
