setup v2014.exe

The application setup v2014.exe has been detected as a potentially unwanted program by 20 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions and PC utilities, as well as other PUPs. The file has been seen being downloaded from download1871.mediafire.com.
MD5:
1620bf10c00c1fea8c8e44aeb54dbe44

SHA-1:
873d733dfb82e8f82a101290597dce0eda61b6de

SHA-256:
9a3a8aab3879d7ca20a5b285b2c5b7853a6a7b73141dc69d47d982a26aaf7e14

Scanner detections:
20 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
4/25/2024 12:07:26 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | PUA.OutBrowse | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.OutBrowse | 14.07.04 |
| AVG | MalSign.OutBrowse | 2015.0.3424 |
| Baidu Antivirus | HackTool.Win32.OutBrowse | 4.0.3.1474 |
| Comodo Security | Application.Win32.OutBrowse.~B | 17992 |
| Dr.Web | Adware.Downware.1676 | 9.0.1.0185 |
| ESET NOD32 | Win32/OutBrowse (variant) | 8.9593 |
| Fortinet FortiGate | Riskware/NSIS_OutBrowse | 7/4/2014 |
| G Data | Win32.Application.OutBrowse | 14.7.24 |
| K7 AntiVirus | Trojan | 13.176.11554 |
| Kaspersky | not-a-virus:Downloader.NSIS.OutBrowse | 14.0.0.3613 |
| Malwarebytes | PUP.Optional.Smart | v2014.07.04.11 |
| McAfee | Artemis!1620BF10C00C | 5600.7080 |
| NANO AntiVirus | Trojan.Win32.OutBrowse.crkqqe | 0.28.0.58720 |
| Qihoo 360 Security | Win32/Virus.Downloader.ad6 | 1.0.0.1015 |
| Quick Heal | Downloader.NSIS.OutBrowse.b (Not a Virus) | 7.14.12.00 |
| Sophos | OutBrowse | 4.98 |
| Trend Micro House Call | TROJ_GEN.R047H07A614 | 7.2.185 |
| Vba32 AntiVirus | Downloader.OutBrowse | 3.12.24.3 |
| VIPRE Antivirus | OutBrowse | 27736 |

File size:
601.4 KB (615,801 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup v2014.exe

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:Pi5cWN3aPbD3x6imu00ufz6HSkdxvN+RrA55N2uSgcbUe6Q8SAEe3nTJlA:P4rNKPbDVmH0uf+HSkHl+RsnNFSgcD6Q

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9772

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file setup v2014.exe has been seen being distributed by the following URL.
