» mouseserver.exe
Overview
Analysis
File Details
Downloads (1)

mouseserver.exe

The application mouseserver.exe has been detected as a potentially unwanted program by 19 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs. The file has been seen being downloaded from www.factorysendgrab.com.

File name:

mouseserver.exe

MD5:

a1d81b9792d04db1e300899a899c457f

SHA-1:

8f37ddfbb9a731ea17688b86667e342275568bcd

SHA-256:

c4c4c9a0f58f8da0eddf5cb588b6851852fa6240fdeb0c6297faef340a7a9367

Scanner detections:

19 / 68

Status:

Potentially unwanted

Explanation:

Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:

6/26/2025 9:16:12 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

PUA.OutBrowse

7.1.1

avast!

Win32:Malware-gen

2014.9-140502

AVG

MalSign.OutBrowse

2015.0.3533

Baidu Antivirus

HackTool.Win32.OutBrowse

4.0.3.14316

Comodo Security

Application.Win32.OutBrowse.~A

17925

Dr.Web

Adware.Downware.1676

9.0.1.075

Emsisoft Anti-Malware

Gen:Variant.Dropper.99

8.14.03.16.01

ESET NOD32

Win32/OutBrowse (variant)

8.9308

Fortinet FortiGate

Riskware/NSIS_OutBrowse

3/16/2014

IKARUS anti.virus

not-a-virus:Downloader.NSIS

t3scan.2.2.29

K7 AntiVirus

Unwanted-Program

13.175.10881

Kaspersky

not-a-virus:Downloader.NSIS.OutBrowse

14.0.0.4162

Malwarebytes

PUP.Optional.OutBrowse

v2014.03.16.01

McAfee

Artemis!9DDCBF0D0925

5600.7143

NANO AntiVirus

Trojan.Win32.OutBrowse.csrlza

0.28.0.58394

Sophos

Generic PUA CH

4.96

Trend Micro House Call

TROJ_GEN.R047H07AI14

7.2.75

Vba32 AntiVirus

Downloader.OutBrowse

3.12.24.3

VIPRE Antivirus

OutBrowse

25568

File size:

616 KB (630,761 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\mouseserver.exe

File PE Metadata

Compilation timestamp:

12/6/2009 12:50:52 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:nqFyhCfsMntd1zdwVWyK1EzotWlj+kzVX0xp+lHTNo5uLMxHeXAkepYsq4O:n6yhCfsMtpwof1EzotWln3M6VXopa4O

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Entropy:

7.9785

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

The file mouseserver.exe has been seen being distributed by the following URL.

http://www.factorysendgrab.com/c?x=kyFJWv9KnviPM6b9MH3WOGP6xMHu5xCDKtYfrPAVqcM=&c=AX3 yPOxQ9VbCxLLhgC0q9WvVXHv4dR/muqFo3EsakXYPur8ywilinL8jl W H5cLcxcfOUz/0Od/5IkNcTYyUXV9nLNHH9ZwhpA4kH Okya8gcDX2T/OS2j87m/l3ZMmQyu2LNTuF tPOsH0kEwEQ==&e=0&downloadAs=Mouse Server Downloader - JalanTikus.exe&fallback_url=http://files.jalantikus.com/dde/1242/.../MouseServer.exe

Remove mouseserver.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.