home

Setup.exe

Safe Install Opt

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The file Setup.exe by Safe Install Opt has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. This downloadble file is typically blocked through Google's Safe Browsing technology in Chrome web browser.
Publisher:
Safe Install Opt  (signed and verified)

MD5:
168bd39574f3c0806af572e7aaef22c0

SHA-1:
f5e05dbdc2ea58e101fe1c26be8af369d4383a28

SHA-256:
65c601ab42cffd8c59bdcbfb9c9bad290b5a88318f488c23291b424448964aca

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
5/16/2024 7:11:04 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Bundler.Outbrowse.BA
494

avast!
PUP-gen [PUP]
2014.9-150928

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Trojan.OutBrowse.231
9.0.1.0271

Emsisoft Anti-Malware
Application.Bundler.Outbrowse.BA
8.15.09.28.06

ESET NOD32
Win32/OutBrowse.BU potentially unwanted application
9.7.0.302.0

herdProtect (fuzzy)
variant of clannad_visual_novel_english_free.exe (Adware)
2015.9.28.18

McAfee
Program.Adware-OutBrowse.e
5600.6628

MicroWorld eScan
Application.Bundler.Outbrowse.BA
16.0.0.813

Norman
Application.Bundler.Outbrowse.BA
11.20150928

Quick Heal
Adware.NSIS.OutBrowse.A
9.15.14.00

Reason Heuristics
PUP.Outbrowse.SafeInstallOpt (M)
15.8.15.10

VIPRE Antivirus
Threat.5085447
40828

File size:
698.4 KB (715,208 bytes)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:
Safe Install Opt

Authority:
thawte, Inc.

Valid from:
2/5/2015 12:00:00 AM

Valid to:
1/27/2016 11:59:59 PM

Subject:
CN=Safe Install Opt, O=Safe Install Opt, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
117B6D764620FDA76941B20E33F86520

File PE Metadata
Compilation timestamp:
12/5/2009 10:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:48J3AXrtoYYmphN2PEqibCISU6PzC5yMFURpgOgwfKkiSOb1erU9Jgjgp:48yXrRY4hN2cqi2IqzqUROQfKkiSORwg

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9568

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

Remove Setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.