setup.exe

File

STart noW

setup.exe, published by STart noW, is a setup application built on the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. It has been detected as adware by 24 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup.
Publisher:
STart noW  (signed and verified)

Product:
File

Version:
1.9.3.0

MD5:
238fa5c939cdac261a1fb05203ad33b9

SHA-1:
2ae4b0d74e33c78bce60446485f076fd4117b15c

SHA-256:
4eb5d59201190feb0686523270ed8d5717edff4331ab0aa1e08a2e154daab8f7

Scanner detections:
24 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is an installer which may bundle legitimate applications with offers for additional third-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
4/27/2024 3:47:46 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Bundler.Outbrowse.BE | 5563062 |
| AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.05.28 |
| Avira AntiVirus | PUA/Outbrowse.Gen | 8.3.1.6 |
| avast! | PUP-gen [PUP] | 150525-2 |
| AVG | Potentially harmful program Downloader.GDH | 2014.0.4311 |
| Bitdefender | Application.Bundler.Outbrowse.BE | 1.0.20.735 |
| Dr.Web | Trojan.OutBrowse.558 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Application.Bundler.Outbrowse.BE | 10.0.0.5366 |
| ESET NOD32 | Win32/OutBrowse.BY potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/OutBrowse | 5/27/2015 |
| F-Secure | Riskware.Application.Bundler.Outbrowse | 5.14.151 |
| G Data | Application.Bundler.Outbrowse.BE | 15.5.25 |
| McAfee | Program.Adware-OutBrowse.g | 18.0.204.0 |
| MicroWorld eScan | Application.Bundler.Outbrowse.BE | 16.0.0.441 |
| NANO AntiVirus | Trojan.Win32.OutBrowse.dqewmc | 0.30.24.1636 |
| Qihoo 360 Security | HEUR/QVM30.1.Malware.Gen | 1.0.0.1015 |
| Quick Heal | PUA.Startnow.Gen | 5.15.14.00 |
| Reason Heuristics | PUP.Outbrowse.Bundler | 15.5.27.13 |
| Sophos | Generic PUA JI | 4.98 |
| SUPERAntiSpyware | Adware.OutBrowse/Variant | 9850 |
| Trend Micro House Call | TROJ_GE.E6C00849 | 7.2.147 |
| Trend Micro | TROJ_GE.E6C00849 | 10.465.27 |
| Vba32 AntiVirus | AdWare.OutBrowse | 3.12.26.4 |
| VIPRE Antivirus | Threat.4150696 | 40552 |

File size:
1.1 MB (1,101,824 bytes)

Product version:
1.9.3.0

Copyright:
File

Original file name:
Ionic.Zip-2015May03-150912-3cedceb4-2065-40f2-afeb-99f9a706e95e.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\My documents\downloads\setup.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
4/29/2015 8:00:00 PM

Valid to:
12/11/2015 6:59:59 PM

Subject:
CN=STart noW, O=STart noW, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
15D4213A1350638DA9BE53171BCF40FB

File PE Metadata
Compilation timestamp:
5/3/2015 11:09:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:+Miy4IadS4ms5I6e66fEheKhQsLPbpp8p4SUeJkTrh9Hkx3jX8Tdosvn3QaWuhGc:+bSaE4mvt/VYtW2Hh9oAbvzY0

Entry address:
0x75F3E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.5480

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
464 KB (475,136 bytes)
