setup.exe

Tiki Taka

The application setup.exe by Tiki Taka is a setup program that uses the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. It has been detected as adware by 29 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup.
Publisher:
Tiki Taka  (signed and verified)

MD5:
88c16ec1f5729e04d388636317ad60b2

SHA-1:
c91a8d9d599d7b0266c2aa6c8795ff5463feb058

SHA-256:
81ffe26d602cf9833fd7dc0fd0754250fd40a3849f60494efe2af6ed3b7c0b3a

Scanner detections:
29 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/23/2024 4:24:19 PM UTC  (today)

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Dropped:Trojan.Generic.13131657 | 647
Agnitum Outpost | PUA.OutBrowse | 7.1.1
AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.04.29
Avira AntiVirus | PUA/Outbrowse.Gen | 3.6.1.96
avast! | OutBrowse-BU [PUP] | 2014.9-150428
AVG | Potentially harmful program Downloader | 2016.0.3125
Bitdefender | Dropped:Trojan.Generic.13131657 | 1.0.20.590
Bkav FE | W32.HfsAdware | 1.3.0.6379
Comodo Security | Application.Win32.AltBrowse.HY | 21926
Dr.Web | Trojan.OutBrowse.68 | 9.0.1.0118
Emsisoft Anti-Malware | Dropped:Trojan.Generic.13131657 | 8.15.04.28.02
ESET NOD32 | Win32/OutBrowse.BU potentially unwanted | 9.11545
Fortinet FortiGate | Riskware/OutBrowse | 4/28/2015
F-Prot | W32/Outbrowse.B2.gen | v6.4.7.1.166
F-Secure | Dropped:Trojan.Generic.13131657 | 11.2015-28-04_3
G Data | Dropped:Trojan.Generic.13131657 | 15.4.25
herdProtect (fuzzy) |  | 2015.7.28.17
K7 AntiVirus | Unwanted-Program | 13.203.15734
Kaspersky | not-a-virus:AdWare.Win32.OutBrowse | 15.0.0.543
McAfee | Program.Adware-OutBrowse.e | 5600.6781
MicroWorld eScan | Dropped:Trojan.Generic.13131657 | 16.0.0.354
NANO AntiVirus | Trojan.Win32.DownLoad3.dqapeg | 0.30.24.1357
Quick Heal | Adware.NSIS.OutBrowse.A | 4.15.14.00
Reason Heuristics | Threat.Outbrowse.Bundler | 15.4.28.10
Sophos | PUA 'OutBrowse Revenyou' | 5.13
Trend Micro House Call | TROJ_GE.359C63D5 | 7.2.118
Trend Micro | TROJ_GE.359C63D5 | 10.465.28
Vba32 AntiVirus | Signed-Adware.Outbrowse | 3.12.26.3
VIPRE Antivirus | Threat.4784459 | 39486

File size:
557.4 KB (570,816 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
12/31/2014 1:00:08 PM

Valid to:
11/20/2015 9:39:17 AM

Subject:
CN=Tiki Taka, O=Tiki Taka, L=Dublin, C=IE

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121C2B62F950620B06898B61A2141C617E2

File PE Metadata
Compilation timestamp:
12/5/2009 10:52:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:4+zeD39MkkR3MTkOT1ws/ujz+52khoU73aTe:43zakk93OT1wZu52I73r

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.9637

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
