windows loader 2.2.exe

The application windows loader 2.2.exe has been detected as a potentially unwanted program by 11 anti-malware scanners. It is a setup program used to install the application. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities, and other PUPs. The file has been seen being downloaded from doc-10-94-docs.googleusercontent.com and multiple other hosts.
MD5:
c30798d34fe12df9649aa3578a07df25

SHA-1:
0b8d3f9bb1cd1fa66b034e3ba9233d1c5f7cb016

SHA-256:
5117c4da876ad0e30599809f40a0aab965f8ed5812b7fbbb6978aaa30e1e4bcd

Scanner detections:
11 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
4/24/2024 3:58:12 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Baidu Antivirus | Adware.MSIL.OutBrowse | 4.0.3.15517 |
| Bkav FE | HW32.Packed | 1.3.0.6379 |
| ESET NOD32 | BAT/TrojanClicker.Small.NCJ | 9.11473 |
| herdProtect (fuzzy) | | 2015.7.22.0 |
| IKARUS anti.virus | Trojan.BAT.Trojanclicker | t3scan.1.8.9.0 |
| Kaspersky | not-a-virus:AdWare.MSIL.OutBrowse | 14.0.0.2027 |
| Malwarebytes | PUP.Optional.OutBrowse | v2015.05.17.02 |
| McAfee | Artemis!C30798D34FE1 | 5600.6762 |
| Panda Antivirus | Generic Suspicious | 15.05.17.02 |
| Sophos | Generic PUA GJ | 4.98 |
| Trend Micro House Call | TROJ_GEN.R021H07DR15 | 7.2.137 |

File size:
2.2 MB (2,298,674 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\windows loader 2.2.exe

File PE Metadata
Compilation timestamp:
1/31/2011 6:44:13 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:jQVgs9HwERDF7HZhh97w3Hy3qekmzTeU2ClMeXQKDn8opthu6ej3:jQtl3luYTzKU2qMYDJx83

Entry address:
0x1D20

Entry point:
55, 8B, EC, 6A, FF, 68, 28, 21, 40, 00, 68, A0, 1E, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 88, 20, 40, 00, 59, 83, 0D, 54, 35, 40, 00, FF, 83, 0D, 58, 35, 40, 00, FF, FF, 15, 84, 20, 40, 00, 8B, 0D, CC, 32, 40, 00, 89, 08, FF, 15, 80, 20, 40, 00, 8B, 0D, C8, 32, 40, 00, 89, 08, A1, 7C, 20, 40, 00, 8B, 00, A3, 5C, 35, 40, 00, E8, 10, 01, 00, 00, 39, 1D, BC, 32, 40, 00, 75, 0C, 68, 9C, 1E, 40, 00, FF, 15, 78, 20...
 

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
4 KB (4,096 bytes)

The file windows loader 2.2.exe has been seen being distributed by the following 2 URLs.
