home

nsd8766.tmp

ClIck to StaRt

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The file nsd8766.tmp by ClIck to StaRt has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the OutBrowse Revenyou installer. It is also typically executed from the user's temporary directory.
Publisher:
GXFAB  (signed by ClIck to StaRt)

Product:
GXFAB

Version:
8604.15116.866.706

MD5:
8868ccd2cd1dd4e008127a0d58a60ce2

SHA-1:
bde6518fba4c37b99ef8824b9f81fbc7cd0149c8

SHA-256:
037eb889ecfa22d7831516de9682f9f86bd2a44643a4752a9f07d2eedc6026b5

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
5/15/2024 3:17:21 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Outbrowse (M)
17.3.4.1

File size:
315.5 KB (323,080 bytes)

Product version:
8604.15116.866.706

Copyright:
GXFAB

Trademarks:
GXFAB

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\nsd8766.tmp

Digital Signature
Signed by:
ClIck to StaRt

Authority:
thawte, Inc.

Valid from:
10/28/2015 8:00:00 PM

Valid to:
12/17/2015 6:59:59 PM

Subject:
CN=ClIck to StaRt, O=ClIck to StaRt, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
37D9E505BF19699767562A9E46FA22AE

File PE Metadata
Compilation timestamp:
12/5/2009 5:52:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.6432

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

Remove nsd8766.tmp - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.