vroot-rv.sfx.exe

The application vroot-rv.sfx.exe has been detected as a potentially unwanted program by 25 anti-malware scanners. It is a setup program used to install the application. It also installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.

MD5: bb9a5687a744760629cc411ed2a124b5
SHA-1: 189a5b69df0a69fca52147feaa5ae48fd5e2c030
SHA-256: 1dccefc78f970b5315b2070f1940afc3146f6350e3fd4f68a5807dec9df9c0b7
Scanner detections: 25 / 68
Status: Potentially unwanted
Explanation: Bundles additional adware offers during download and installation using the OutBrowse installer.
Analysis date: 4/29/2024 7:44:01 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Application.Bundler.Outbrowse.BE | 549 |
| Agnitum Outpost | PUA.OutBrowse | 7.1.1 |
| Avira AntiVirus | PUA/Outbrowse.Gen | 8.3.1.6 |
| Arcabit | Application.Bundler.Outbrowse.BE | 1.0.0.425 |
| avast! | Win32:OutBrowse-LE [PUP] | 2014.9-150805 |
| AVG | MSIL8 | 2016.0.3027 |
| Baidu Antivirus | Adware.Win32.OutBrowse | 4.0.3.1585 |
| Bitdefender | Application.Bundler.Outbrowse.BE | 1.0.20.1085 |
| Dr.Web | Trojan.OutBrowse.339 | 9.0.1.0217 |
| ESET NOD32 | Win32/OutBrowse.BU potentially unwanted | 9.12045 |
| Fortinet FortiGate | Riskware/OutBrowse | 8/5/2015 |
| F-Prot | W32/OutBrowse.N | v6.4.7.1.166 |
| F-Secure | Application.Bundler.Outbrowse | 11.2015-05-08_4 |
| G Data | Application.Bundler.Outbrowse.BE | 15.8.25 |
| IKARUS anti.virus | PUA.OutBrowse | t3scan.1.9.5.0 |
| Kaspersky | not-a-virus:AdWare.Win32.OutBrowse | 14.0.0.1628 |
| McAfee | RDN/Generic.dx!dqx | 5600.6683 |
| MicroWorld eScan | Application.Bundler.Outbrowse.BE | 16.0.0.651 |
| NANO AntiVirus | Trojan.Win32.OutBrowse.dqucfx | 0.30.24.2668 |
| Panda Antivirus | Trj/CI.A | 15.08.05.07 |
| Quick Heal | PUA.Tikitaka1.Gen | 8.15.14.00 |
| Sophos | Generic PUA EJ (PUA) | 4.98 |
| Trend Micro | TROJ_GE.A28D1F8E | 10.465.05 |
| Vba32 AntiVirus | Hoax.PornoAsset | 3.12.26.4 |
| VIPRE Antivirus | OutBrowse | 42632 |

File size: 939.4 KB (961,916 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\downloads\programs\vroot-rv.sfx.exe

File PE Metadata

Compilation timestamp: 6/9/2012 8:19:49 PM
OS version: 5.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 9.0
CTPH (ssdeep): 24576:w2O/GlJaPyQAZvL1OPFlkibI3jvzU8oh/vFC1LKjUoPG:4PyhIvxQvUa4jUoPG
Entry address: 0xAC87

Entropy: 7.9528 (probably packed)
Code size: 73 KB (74,752 bytes)

The file vroot-rv.sfx.exe has been seen being distributed by the following 2 URLs.

temp:Vroot-rv.sfx.exe