home

pf7-setup-en.exe

Cyberservices B.V.

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The application pf7-setup-en.exe by Cyberservices B.V has been detected as adware by 6 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. The file has been seen being downloaded from www.soft-ware.net.
Publisher:
Cyberservices B.V.  (signed and verified)

MD5:
9bf0bc76c86f48c0b88f186dd54b233b

SHA-1:
05a3ee7b058fd9b5a5efd638c4121c1b417707aa

SHA-256:
b484feca2682416f808b86955b93d49892fb05bae8848dd47bc7b7fb8def769f

Scanner detections:
6 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
5/4/2024 1:09:48 AM UTC  (today)

Scan engine
Detection
Engine version

AVG
Cyberservices
2015.0.3257

Dr.Web
Trojan.Packed
9.0.1.0351

ESET NOD32
Win32/DownloadGuide.D potentially unwanted application
7.0.302.0

K7 AntiVirus
Unwanted-Program
13.188.14368

Malwarebytes
PUP.Optional.DownloadGuide
v2014.12.17.08

Reason Heuristics
PUP.Installer.CyberservicesBV.M
14.12.17.20

File size:
582.8 KB (596,824 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou

Language:
English (United States)

Common path:
C:\users\{user}\downloads\pf7-setup-en.exe

Digital Signature
Signed by:
Cyberservices B.V.

Authority:
COMODO CA Limited

Valid from:
2/10/2014 1:00:00 AM

Valid to:
2/11/2016 12:59:59 AM

Subject:
CN=Cyberservices B.V., O=Cyberservices B.V., STREET=Keizersgracht 62-64 NL, L=Amsterdam, S=Nordholland, PostalCode=1015CS, C=NL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
797CAC4561E8B8B21910CD01E0002669

File PE Metadata
Compilation timestamp:
12/16/2014 6:52:05 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:XPc8rl9RiIMR1vhdl/JpHHAWxO+dg+euVX1pVq527fopkz:08panR1vhnJRAWk+dRVFpVN7foK

Entry address:
0x21E91

Entry point:
E8, BC, 66, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 53, 56, 8B, F1, 33, DB, 3B, F3, 75, 16, E8, 2F, 1A, 00, 00, 6A, 16, 5E, 89, 30, E8, D3, 19, 00, 00, 8B, C6, E9, 8F, 00, 00, 00, 57, 39, 5D, 08, 77, 13, E8, 13, 1A, 00, 00, 6A, 16, 5E, 89, 30, E8, B7, 19, 00, 00, 8B, C6, EB, 75, 33, C9, 39, 5D, 10, 88, 1E, 0F, 95, C1, 41, 39, 4D, 08, 77, 09, E8, F0, 19, 00, 00, 6A, 22, EB, DB, 8B, 4D, 0C, 83, C1, FE, 83, F9, 22, 77, C9, 8B, CE, 39, 5D, 10, 74, 0B, 33, DB, 43, C6, 06, 2D, 8D, 4E, 01, F7, D8, 8B, F9...
 
[+]

Code size:
318 KB (325,632 bytes)

The file pf7-setup-en.exe has been seen being distributed by the following URL.

http://www.soft-ware.net/getfile/photofiltre/.../pf7-setup-en.exe

Remove pf7-setup-en.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.