» pesedit 2013 patch 8.1 update 2015 2016 legends edition.exe
Overview
Analysis
File Details

pesedit 2013 patch 8.1 update 2015 2016 legends edition.exe

safe InStAll OPT

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The application pesedit 2013 patch 8.1 update 2015 2016 legends edition.exe by safe InStAll OPT has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the OutBrowse Revenyou installer.

File name:

Publisher:

XSMMM (signed by safe InStAll OPT)

Product:

XSMMM

Version:

9026.15910.1363.9927

MD5:

8243dcd6a7acc3d10d863c93b1b74adc

SHA-1:

423f48fb91eb6ec96c7e6e06ee674b3beac032d3

SHA-256:

5314bbad036053db0765b2401a0866a4edbb392ee5863e5bf93679dcf1535548

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

5/16/2024 10:41:29 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Outbrowse (M)

16.12.6.5

File size:

547.4 KB (560,576 bytes)

Product version:

9026.15910.1363.9927

XSMMM

Trademarks:

XSMMM

File type:

Executable application (Win32 EXE)

Bundler/Installer:

OutBrowse Revenyou (using Nullsoft Install System)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\pesedit 2013 patch 8.1 update 2015 2016 legends edition.exe

Digital Signature

Signed by:

safe InStAll OPT

Authority:

thawte, Inc.

Valid from:

6/30/2015 7:00:00 AM

Valid to:

1/28/2016 6:59:59 AM

Subject:

CN=safe InStAll OPT, O=safe InStAll OPT, L=Dublin, S=Dublin, C=IE

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

695B543CAB5F09BA48EDE742F7236A3F

File PE Metadata

Compilation timestamp:

12/6/2009 5:52:12 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:I4iDvTrnZxtcZIQEF80QvlZc3U7RDFmiZbu9ix:IPrZcmQESVvlZckNFPoI

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

Remove pesedit 2013 patch 8.1 update 2015 2016 legends edition.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.