world racing 2.part2.rar.exe

File

cLick Trust OPt

This is the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application world racing 2.part2.rar.exe by cLick Trust OPt has been detected as adware by 24 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. According to AVG, this software downloads additional adware offers during setup.
Publisher:
cLick Trust OPt  (signed and verified)

Product:
File

Version:
1.9.3.0

MD5:
834fe85b6c603791e97b50d396785dc9

SHA-1:
6d815d8c5fe255913694c2285a3b687c223b666b

SHA-256:
2d1266bd9ab19b1c1f571d9d4a4d8a36bf251c1be7d6340e2b01705f6b35683f

Scanner detections:
24 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/25/2024 10:04:08 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Dropped:Trojan.Generic.13152152 | 5777739 |
| Agnitum Outpost | PUA.OutBrowse | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.04.29 |
| Avira AntiVirus | PUA/Outbrowse.Gen | 3.6.1.96 |
| avast! | PUP-gen [PUP] | 150414-0 |
| AVG | Potentially harmful program Downloader.FLM | 2014.0.4311 |
| Bitdefender | Dropped:Trojan.Generic.13152152 | 1.0.20.590 |
| Dr.Web | infected with Trojan.OutBrowse.296 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Dropped:Trojan.Generic.13152152 | 9.0.0.4799 |
| ESET NOD32 | Win32/OutBrowse.BU potentially unwanted | 9.11545 |
| Fortinet FortiGate | Riskware/OutBrowse | 4/28/2015 |
| F-Secure | Trojan.Generic.13152152 | 11.2015-28-04_3 |
| G Data | Dropped:Trojan.Generic.13152152 | 15.4.25 |
| McAfee | Program.Adware-OutBrowse.e | 16.8.708.2 |
| MicroWorld eScan | Dropped:Trojan.Generic.13152152 | 16.0.0.354 |
| NANO AntiVirus | Trojan.Win32.OutBrowse.dqewlt | 0.30.24.1357 |
| Qihoo 360 Security | HEUR/QVM30.1.Malware.Gen | 1.0.0.1015 |
| Quick Heal | Adware.NSIS.OutBrowse.A | 4.15.14.00 |
| Reason Heuristics | PUP.Outbrowse.Bundler | 15.4.28.15 |
| Sophos | Generic PUA AC | 4.98 |
| Trend Micro House Call | TROJ_GE.924D40A8 | 7.2.118 |
| Trend Micro | TROJ_GE.924D40A8 | 10.465.28 |
| Vba32 AntiVirus | Adware.Outbrowse | 3.12.26.3 |
| VIPRE Antivirus | Threat.5085447 | 39486 |

File size:
1 MB (1,100,576 bytes)

Product version:
1.9.3.0

Copyright:
File

Original file name:
Ionic.Zip-2015Apr10-125548-1f4e9923-e039-44b4-b0ea-66112c91355d.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou

Common path:
C:\users\{user}\downloads\world racing 2.part2.rar.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
4/5/2015 3:00:00 AM

Valid to:
1/28/2016 2:59:59 AM

Subject:
CN=cLick Trust OPt, O=cLick Trust OPt, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
5ADB8D25AEF0AF1CF827F2984E25EBD5

File PE Metadata
Compilation timestamp:
4/10/2015 3:55:48 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:hMiy4IadS4ms5I6e66fEheKhasfzAuJz7E6o8UcuPHzmLEmy1rti1K/Ei3AKP0Xj:hbSaE4mvt/HezAizwV82TmQkIAOKhLw+

Entry address:
0x75F3E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.5478

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
464 KB (475,136 bytes)
