mixi237_246.exe

OutBrowse LTD

This is the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application mixi237_246.exe by OutBrowse has been detected as adware by 7 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities and other PUPs.
Publisher:
OutBrowse LTD (signed and verified)

MD5:
a43c68da982452c4fe8aa2ed7d368daf

SHA-1:
4f9738b2f7c2d546cd2b98e9c3806346b171625d

SHA-256:
c27b6ee6c8ea1e85fbf49316dd38f1fe1c7eff828135598ecb50d9338eea9aa5

Scanner detections:
7 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open-source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/29/2024 2:44:37 PM UTC

Scan engine | Detection | Engine version
Boost by Reason | Trojan.Adw.OutBrowse.L | 2013.8.29.0
Dr.Web | Adware.Downware.1336 | 9.0.1.0241
ESET NOD32 | Win32/OutBrowse (variant) | 7.8646
Malwarebytes | PUP.Optional.OutBrowse | v2013.08.29.12
Reason Heuristics | PUP.OutBrowse.L | 14.8.7.17
SUPERAntiSpyware | Trojan.Agent/Gen-Downloader | 10707
Trend Micro House Call | TROJ_GEN.F47V0430 | 7.2.241

File size:
270.7 KB (277,184 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\mixi237_246.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
2/25/2013 4:00:00 PM

Valid to:
2/26/2014 3:59:59 PM

Subject:
CN=OutBrowse LTD, O=OutBrowse LTD, L=Ramat Gan, S=Ramat Gan, C=IL, SERIALNUMBER=514686914, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IL

Issuer:
CN=Symantec Class 3 Extended Validation Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
06C1C2AE3E180ADDA27BBF2BD8EAC0E7

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:ge34YZ96G/Gnp/+B/lxHjDtwX4L0Eo856or9e2paxNDC:DZ961npW5lZjmC0h88ieu2ND

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.9305

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file mixi237_246.exe has been observed being distributed from the following URL.

Remove mixi237_246.exe - Powered by Reason Core Security