windows loader 2.3.exe

The application windows loader 2.3.exe has been detected as a potentially unwanted program by 7 anti-malware scanners. This is a setup program which is used to install the application. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities, and other PUPs. The file has been seen being downloaded from doc-10-04-docs.googleusercontent.com and multiple other hosts.
MD5:
06849bf7757d4fb5463112e0597977e3

SHA-1:
434bf2b68969ad4e9f1476a75afa84827a16dcc8

SHA-256:
b1fbf5c349b7ff17fda411ce55d2973136bc5000882ac4fe7554b682b1beb9ee

Scanner detections:
7 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
4/23/2024 10:47:45 AM UTC

Scan engine | Detection | Engine version
Baidu Antivirus | Adware.MSIL.OutBrowse | 4.0.3.1535
Bkav FE | HW32.Packed | 1.3.0.6379
herdProtect (fuzzy) | | 2015.6.12.1
Kaspersky | not-a-virus:AdWare.MSIL.OutBrowse | 14.0.0.2393
McAfee | Artemis!8C221EABA0FA | 5600.6737
Panda Antivirus | Generic Suspicious | 15.06.12.01
Trend Micro House Call | TROJ_GEN.R047H07CH15 | 7.2.64

File size:
2.1 MB (2,242,630 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\windows loader 2.3.exe

File PE Metadata
Compilation timestamp:
1/31/2011 7:44:13 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:iQHs9Sfrtw1yzf6DfhuRmr9FeKHoZFvtAGIiYDBXSbA:iQ7jtwgzSrsRcT0qtiqhSbA

Entry address:
0x1D20

Entry point:
55, 8B, EC, 6A, FF, 68, 28, 21, 40, 00, 68, A0, 1E, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 88, 20, 40, 00, 59, 83, 0D, 54, 35, 40, 00, FF, 83, 0D, 58, 35, 40, 00, FF, FF, 15, 84, 20, 40, 00, 8B, 0D, CC, 32, 40, 00, 89, 08, FF, 15, 80, 20, 40, 00, 8B, 0D, C8, 32, 40, 00, 89, 08, A1, 7C, 20, 40, 00, 8B, 00, A3, 5C, 35, 40, 00, E8, 10, 01, 00, 00, 39, 1D, BC, 32, 40, 00, 75, 0C, 68, 9C, 1E, 40, 00, FF, 15, 78, 20...

Entropy:
7.9453

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
4 KB (4,096 bytes)

The file windows loader 2.3.exe has been seen being distributed by the following 6 URLs.
