home

ramrush.exe

OutBrowse

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The application ramrush.exe by OutBrowse has been detected as adware by 17 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs. The file has been seen being downloaded from cdn.file2desktop.com.
Publisher:
OutBrowse  (signed and verified)

MD5:
1af61aa8477a47831b048cf660625944

SHA-1:
6b8a95266dbd36dac7428ab91397d08eae529264

SHA-256:
391fd092a6609f6ac70c8d33a54c1cef0f7c30e0375c155e183510fc20e8f2b6

Scanner detections:
17 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/25/2024 2:05:14 PM UTC  (today)

Scan engine
Detection
Engine version

AVG
MalSign.OutBrowse
2014.0.3617

Comodo Security
Application.Win32.OutBrowse.~B
17491

Dr.Web
Adware.Downware.1664
9.0.1.0356

ESET NOD32
Win32/OutBrowse (variant)
7.9190

Fortinet FortiGate
Riskware/NSIS_OutBrowse
12/22/2013

herdProtect (fuzzy)
variant of vlcplayer.exe (Adware)
2013.12.25.23

K7 AntiVirus
Unwanted-Program
13.174.10623

Malwarebytes
PUP.Optional.Smart
v2013.12.22.12

McAfee
Artemis!C3015E208473
5600.7273

NANO AntiVirus
Trojan.Win32.OutBrowse.crkqqe
0.28.0.57029

Reason Heuristics
PUP.OutBrowse.H
14.8.7.20

Sophos
Generic PUA DH
4.96

Trend Micro House Call
TROJ_GEN.F47V1130
7.2.356

Vba32 AntiVirus
Downloader.OutBrowse
3.12.24.3

VIPRE Antivirus
OutBrowse
24706

ViRobot
Trojan.Win32.Agent.87672
2011.4.7.4223

XVirus List
Win32.Detected
2.8.7

File size:
614.2 KB (628,984 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\ramrush.exe

Digital Signature
Signed by:
OutBrowse

Authority:
VeriSign, Inc.

Valid from:
10/24/2013 3:00:00 AM

Valid to:
10/25/2014 2:59:59 AM

Subject:
CN=OutBrowse, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=OutBrowse, L=Ramat Gan, S=Ramat Gan, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
56A6FE571611B68C9224798AD62913CA

File PE Metadata
Compilation timestamp:
12/6/2009 1:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:pV5cWN3aPbD3x6imu00ufz6HSkdxvN+RrA55N2uSgcbUe6Q8SAEe3nTJlD:pjrNKPbDVmH0uf+HSkHl+RsnNFSgcD6z

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9746

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file ramrush.exe has been seen being distributed by the following URL.

http://cdn.file2desktop.com/.../RAMRush.exe

Remove ramrush.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.