home

skype.exe

OutBrowse

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The application skype.exe by OutBrowse has been detected as adware by 18 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs. The file has been seen being downloaded from downloader2.downloadinfo.co.
Publisher:
OutBrowse  (signed and verified)

MD5:
2e1663b077c942081713f1b8c8a9efa8

SHA-1:
2b1550d14eb66c97b6bf26199df865ba8a8320c0

SHA-256:
927047d749b20573bcba77d8d79436319d71a665ad3ce3df812285562e110aab

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/26/2024 11:42:12 AM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.OutBrowse
2014.07.30

Avira AntiVirus
APPL/Downloader.Gen
7.11.164.144

AVG
OutBrowse
2015.0.3398

Comodo Security
Application.Win32.Outbrowse.G
19020

Dr.Web
Adware.Downware.2081
9.0.1.05190

ESET NOD32
Win32/OutBrowse.J potentially unwanted application
7.0.302.0

Fortinet FortiGate
Riskware/OutBrowse
7/30/2014

herdProtect (fuzzy)
variant of installer.exe (Adware)
2014.9.10.5

IKARUS anti.virus
AdWare.Downware
t3scan.1.6.1.0

K7 AntiVirus
Unwanted-Program
13.181.12872

Kaspersky
not-a-virus:Downloader.NSIS.OutBrowse
14.0.0.3484

Malwarebytes
PUP.Optional.Outbrowse
v2014.07.30.03

McAfee
Adware-OutBrowse
5600.7054

NANO AntiVirus
Trojan.Win32.Generic.cthmwf
0.28.2.61148

Reason Heuristics
PUP.OutBrowse.F
14.8.7.20

Sophos
OutBrowse
4.98

VIPRE Antivirus
Threat.4784459
31208

File size:
108.1 KB (110,720 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\skype.exe

Digital Signature
Signed by:
OutBrowse

Authority:
VeriSign, Inc.

Valid from:
10/23/2013 8:00:00 PM

Valid to:
10/24/2014 7:59:59 PM

Subject:
CN=OutBrowse, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=OutBrowse, L=Ramat Gan, S=Ramat Gan, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
56A6FE571611B68C9224798AD62913CA

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:UgXdZt9P6D3XJGCen15Ky/9XO3jR0eWSzUu/0Wo:Ue341en1UQ9OzRgW/ch

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.6844

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file skype.exe has been seen being distributed by the following URL.

http://downloader2.downloadinfo.co/download.php?id=d8d59ee23f3407055c25666d40959cfb4afd2555&z=8&p=eyJweSI6ImRpIiwicnMiOiJnb29nbGUiLCJydCI6InNlYXJjaCIsImMiOiJ1cyIsIm8iOiJ3aW43IiwiYiI6ImNoMzIiLCJ1X2lkIjoiZGlfNTJmMDFkYWFlMjc4YzAuODE5NzAzNzkiLCJwYV9pZCI6IjgiLCJzdF9pZCI6IjAiLCJzcF9pZCI6IjAwMDAtMDAwMCIsInRzIjoxMzkxNDY3OTQ3LCJrdyI6InNreXBlIiwiY3UiOiJza3lwZSIsImNhIjpudWxsfQ==

Remove skype.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.