home

skype.exe.exe

Safe Click Lol

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The application skype.exe.exe by Safe Click Lol has been detected as adware by 26 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. According to AVG, this software downloads additional adware offers during setup.
Publisher:
Safe Click Lol  (signed and verified)

MD5:
f24b0c3b4582862798a4b16a0cb00a60

SHA-1:
24c4b776f947b21ade5f396ffa5ef6c00f1c6176

SHA-256:
fbfdfe45dd747238a47fe3830e85a8dcd6a2b14faaee51dc7200dbad1d67bb10

Scanner detections:
26 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
5/6/2024 8:26:55 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Bundler.Outbrowse.4
6568831

Agnitum Outpost
PUA.Downloader
7.1.1

AhnLab V3 Security
PUP/Win32.OutBrowse
2015.02.24

Avira AntiVirus
PUA/Outbrowse.Gen
7.11.212.68

avast!
OutBrowse-HF [PUP]
2014.9-150322

AVG
Potentially harmful program Downloader.DTF
2014.0.4257

Bitdefender
Gen:Variant.Application.Bundler.Outbrowse.4
1.0.20.405

Dr.Web
infected with Trojan.OutBrowse.118
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Application.Bundler.Outbrowse
9.0.0.4799

ESET NOD32
Win32/OutBrowse.BU potentially unwanted application
9.7.0.302.0

Fortinet FortiGate
Riskware/OutBrowse
3/22/2015

F-Secure
Gen:Variant.Application.Bundler
11.2015-22-03_1

G Data
Gen:Variant.Application.Bundler.Outbrowse
15.3.25

herdProtect (fuzzy)
variant of adobe flash.exe (Adware)
2015.6.27.12

K7 AntiVirus
Trojan
13.198.15057

Kaspersky
not-a-virus:Downloader.NSIS.OutBrowse
14.0.0.2309

McAfee
Program.Adware-OutBrowse.e
5600.6819

MicroWorld eScan
Gen:Variant.Application.Bundler.Outbrowse.4
16.0.0.243

NANO AntiVirus
Trojan.Win32.OutBrowse.dojhzi
0.30.8.659

Quick Heal
Downloader.NSIS.r5 (Not a Virus)
3.15.14.00

Reason Heuristics
PUP.Bundler.Outbrowse
15.3.22.4

Sophos
Generic PUA AE
4.98

Trend Micro House Call
Suspici.6F840C07
7.2.81

Trend Micro
TROJ_GE.53B38312
10.465.22

Vba32 AntiVirus
AdWare.OutBrowse
3.12.26.3

VIPRE Antivirus
Threat.4150696
38552

File size:
599.3 KB (613,656 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Digital Signature
Signed by:
Safe Click Lol

Authority:
thawte, Inc.

Valid from:
2/4/2015 5:00:00 PM

Valid to:
1/27/2016 4:59:59 PM

Subject:
CN=Safe Click Lol, O=Safe Click Lol, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
0113B280254155278C27A31712365932

File PE Metadata
Compilation timestamp:
12/5/2009 3:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:vFcCBJjBbmd+BHcAl9e8okFkVtAVm3QyDXxN6wl0MYGyaM9aA:vF9jBCdO9NQTxCla

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9455

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

Remove skype.exe.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.