» 272056
Overview
Analysis
File Details
Programs (1)

272056

Goobzo LTD

The file 272056, “Object Browser exe” by Goobzo has been detected as adware by 16 anti-malware scanners. This file is typically installed with the program Object Browser which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is also typically executed from the user's temporary directory.

File name:

272056

Publisher:

Object Browser (signed by Goobzo LTD)

Product:

Object Browser

Description:

Object Browser exe

Version:

1000.1000.1000.1000

MD5:

f12d96e687ff0ad3dcad82eacdeec779

SHA-1:

d0efbb51671e5778e8c7442893f128c1675b05b5

SHA-256:

d5786e8864a8f43bb6dda481ae2cb88bdeb7816512d7168562114cb4890b3920

Scanner detections:

16 / 68

Status:

Adware

Explanation:

May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:

4/25/2024 3:42:19 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

ADWARE/CrossRider.Gen2

7.11.177.204

avast!

Win32:Malware-gen

2014.9-150325

AVG

Skodna

2016.0.3159

Baidu Antivirus

Adware.Win32.CrossRider

4.0.3.15325

ESET NOD32

Win32/Toolbar.CrossRider.AA (variant)

9.10551

G Data

Win32.Application.Shopperpro

15.3.24

herdProtect (fuzzy)

variant of iwebar-buttonutil.exe (Adware)

2015.6.30.17

K7 AntiVirus

Unwanted-Program

13.183.13642

Kaspersky

not-a-virus:WebToolbar.Win32.CrossRider

14.0.0.2291

Malwarebytes

PUP.Optional.ObjectBrowser.A

v2015.03.25.08

Panda Antivirus

Adware/Goobzo

15.03.25.08

Qihoo 360 Security

HEUR/Malware.QVM10.Gen

1.0.0.1015

Reason Heuristics

PUP.Goobzo

15.3.25.20

Rising Antivirus

PE:Malware.Obscure!1.9C59

23.00.65.15323

Sophos

Goobzo

4.98

VIPRE Antivirus

Crossrider

33860

File size:

328.4 KB (336,240 bytes)

Product version:

1000.1000.1000.1000

Original file name:

Object Browser.exe

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\272056

Digital Signature

Signed by:

Goobzo LTD

Authority:

Thawte, Inc.

Valid from:

5/1/2013 7:00:00 PM

Valid to:

5/2/2015 6:59:59 PM

Subject:

CN=Goobzo LTD, O=Goobzo LTD, L=Haifa, S=Israel, C=IL

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

120B25DDE57B88636AD4D97D23B99C88

File PE Metadata

Compilation timestamp:

6/23/2014 5:03:05 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

6144:sAwSm9Mlw24xgakVNeqpqYn5/c1AyQa7E:4Sy5wtNeqpdQQx

Entry address:

0x25015

Entry point:

E8, 5C, 9A, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, D0, C2, 44, 00, E8, E5, 27, 00, 00, E8, 4B, 16, 00, 00, 0F, B7, F0, 6A, 02, E8, EF, 99, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 3D, 30, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Entropy:

6.3713

Code size:

248 KB (253,952 bytes)

The file 272056 has been discovered within the following program.

Object Browser by Object Browser

Object Browser is an adware style application that runs in the web browser as a toolbar and web extension.

66% remove it

Remove 272056 - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.