bobrowser.exe

BoBrowser

CLARALABSOFTWARE

The application bobrowser.exe by CLARALABSOFTWARE has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is set to start automatically when a user logs into Windows via the current-user Run registry key, under the display name ‘BoBrowser’. This file is typically installed with the program BoBrowser. While running, it connects to the Internet address d0.91.6132.ip4.static.sl-reverse.com on port 443.
Publisher:
The BoBrowser Authors (signed by CLARALABSOFTWARE)

Product:
BoBrowser

Version:
36.0.1985.136

MD5:
1b7263f59c7aeb95664b338846bc5f3e

SHA-1:
31536968874d18a7b4324c122b1a02b93b9feea8

SHA-256:
e3831a257f857abe3ffebeac64b7f2bcc2009f28822e26e88e1fe23063134244

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we consider this file unwanted.

Analysis date:
4/26/2024 12:28:10 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Startup.CLARALABSOFTWARE.J

Engine version:
14.11.24.11

File size:
7 MB (7,353,992 bytes)

Product version:
36.0.1985.136

Copyright:
Copyright 2014 The BoBrowser Authors. All rights reserved.

Original file name:
chrome.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\bobrowser\application\bobrowser.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
7/29/2014 5:13:08 AM

Valid to:
7/30/2015 5:13:08 AM

Subject:
CN=CLARALABSOFTWARE, O=CLARALABSOFTWARE, L=Paris, C=FR

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121E6E5C72C946A5248674AB7B56E24B246

File PE Metadata
Compilation timestamp:
11/18/2014 8:25:42 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:uQhOvANzEu03X3dfjZGW4CdhlbLua3Zy2:dOYNzEu0FZGuZy2

Entry address:
0x44ADB

Entry point:
E8, ED, C6, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 45, 08, 99, F7, 7D, 0C, 5D, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 44, 24, 08, 8B, 4C, 24, 10, 0B, C8, 8B, 4C, 24, 0C, 75, 09, 8B, 44, 24, 04, F7, E1, C2, 10, 00, 53, F7, E1, 8B, D8, 8B, 44, 24, 08, F7, 64, 24, 14, 03, D8, 8B, 44, 24, 08, F7, E1, 03, D3, 5B, C2, 10, 00, 55, 8B, EC, 56, 57, 8B, 7D, 08, 85, FF, 74, 13, 8B, 4D, 0C, 85, C9, 74, 0C, 8B, 55, 10, 85, D2, 75, 1A, 33, C0, 66, 89, 07, E8, 52, 1E, 00, 00, 6A, 16, 5E...

Code size:
385.5 KB (394,752 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
BoBrowser

Command:
"C:\users\{user}\appdata\local\bobrowser\application\bobrowser.exe"


The file bobrowser.exe has been discovered within the following programs.

BoBrowser  by BoBrowser
38% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-52-84-179-209.gru50.r.cloudfront.net  (52.84.179.209:80)

TCP (HTTP):
Connects to w04.ttms.eu  (46.105.156.76:80)

TCP (HTTP):
Connects to w01.ttms.eu  (46.105.156.71:80)

TCP (HTTP):
Connects to server-52-85-184-29.fra2.r.cloudfront.net  (52.85.184.29:80)

TCP (HTTP SSL):
Connects to s3-1.amazonaws.com  (52.216.80.171:443)

TCP (HTTP):
Connects to li824-56.members.linode.com  (104.237.156.56:80)

TCP (HTTP SSL):
Connects to i2-h0-s1070.p11-fra.cdngp.net  (174.35.62.132:443)

TCP (HTTP SSL):
Connects to ec2-52-45-166-64.compute-1.amazonaws.com  (52.45.166.64:443)

TCP (HTTP SSL):
Connects to ec2-52-207-48-5.compute-1.amazonaws.com  (52.207.48.5:443)

TCP (HTTP SSL):
Connects to ec2-50-19-113-170.compute-1.amazonaws.com  (50.19.113.170:443)

TCP (HTTP SSL):
Connects to ec2-23-23-152-121.compute-1.amazonaws.com  (23.23.152.121:443)

TCP (HTTP):
Connects to pr-bh.pbp.vip.bf1.yahoo.com  (72.30.2.182:80)

TCP (HTTP SSL):
Connects to d0.91.6132.ip4.static.sl-reverse.com  (50.97.145.208:443)

TCP (HTTP SSL):
Connects to 47.30.acb8.ip4.static.sl-reverse.com  (184.172.48.71:443)

Remove bobrowser.exe - Powered by Reason Core Security