bobrowser.exe

BoBrowser

The BoBrowser Authors

The file bobrowser.exe was flagged as a potentially unwanted program (PUP) by 1 of 68 anti-malware scanners, on a heuristic detection (PUP.ClaraLabs.Browser.Meta) rather than a signature match. It is typically installed with the program BoBrowser, which appears to be a rebranded Chromium build: the PE version resource still gives the original file name as chrome.exe, and the version 36.0.1985.131 is a Chromium 36 build number. While running, it was observed connecting over plain HTTP (port 80) to as2.servinformatica.com; the full list of observed network destinations is given below.
Publisher:
The BoBrowser Authors

Product:
BoBrowser

Version:
36.0.1985.131

MD5:
05ad6dfec9d08f7b95a2b35c47a02f5b

SHA-1:
38f1c123ebec874b4438d9bb876bbcd61b64fb40

SHA-256:
7d17a260350c04654a3215db2bb2cea2a7350c8ae5441659ef37cef7ec6b2cea

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
1/23/2018 9:10:54 PM UTC

Scan engine / Detection / Engine version:
Reason Heuristics  /  PUP.ClaraLabs.Browser.Meta (M)  /  15.10.19.16

File size:
7 MB (7,348,224 bytes)

Product version:
36.0.1985.131

Copyright:
Copyright 2014 The BoBrowser Authors. All rights reserved.

Original file name:
chrome.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\bobrowser\application\bobrowser.exe

File PE Metadata
Compilation timestamp:
10/22/2014 9:58:33 AM

OS version (minimum required, from the PE optional header):
5.1 (Windows XP)

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:JQhOvANzEu03X3dfxZaW4CdhlbLua3ty:wOYNzEu0bZauty

Entry address:
0x44ADB

Entry point:
E8, ED, C6, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 45, 08, 99, F7, 7D, 0C, 5D, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 44, 24, 08, 8B, 4C, 24, 10, 0B, C8, 8B, 4C, 24, 0C, 75, 09, 8B, 44, 24, 04, F7, E1, C2, 10, 00, 53, F7, E1, 8B, D8, 8B, 44, 24, 08, F7, 64, 24, 14, 03, D8, 8B, 44, 24, 08, F7, E1, 03, D3, 5B, C2, 10, 00, 55, 8B, EC, 56, 57, 8B, 7D, 08, 85, FF, 74, 13, 8B, 4D, 0C, 85, C9, 74, 0C, 8B, 55, 10, 85, D2, 75, 1A, 33, C0, 66, 89, 07, E8, 52, 1E, 00, 00, 6A, 16, 5E...

Code size:
385.5 KB (394,752 bytes)
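As an added example (not code from the Reason Core Security listing or from BoBrowser), the following Python script recomputes the three hashes given above and reads the PE header fields this section reports (compile timestamp, linker version, minimum OS version, subsystem, entry address and its first bytes) with nothing but the standard library. The names LISTED, parse_pe, matches_listing and build_sample_pe are this example's own; build_sample_pe constructs a minimal PE32 image carrying the listed header values so the script runs without the real file, and its hashes will naturally not match the listing.

```python
# Added example: recompute file hashes and parse the PE header fields listed
# above.  Standard library only.  build_sample_pe() is a constructed PE32
# image, not the real bobrowser.exe.
import calendar
import hashlib
import struct
from datetime import datetime, timezone

OPT_FMT = "<HBBIIIIIIIIIHHHHHHIIIIHH"  # PE32 optional header, first 72 bytes
COFF_FMT = "<HHIIIHH"                  # IMAGE_FILE_HEADER (20 bytes)
SECTION_FMT = "<8sIIIIIIHHI"           # IMAGE_SECTION_HEADER (40 bytes)
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}

# Digests published in the listing above; a sample matching all three is the same file.
LISTED = {
    "md5": "05ad6dfec9d08f7b95a2b35c47a02f5b",
    "sha1": "38f1c123ebec874b4438d9bb876bbcd61b64fb40",
    "sha256": "7d17a260350c04654a3215db2bb2cea2a7350c8ae5441659ef37cef7ec6b2cea",
}


def file_hashes(data: bytes) -> dict:
    return {alg: hashlib.new(alg, data).hexdigest() for alg in LISTED}


def matches_listing(hashes: dict) -> set:
    """Algorithms whose computed digest equals the listed one."""
    return {alg for alg, digest in hashes.items() if LISTED[alg] == digest}


def rva_to_offset(rva: int, sections: list) -> int:
    """Map a relative virtual address to a file offset through the section table."""
    for s in sections:
        if s["va"] <= rva < s["va"] + s["rawsize"]:
            return s["rawptr"] + (rva - s["va"])
    raise ValueError("RVA 0x%X is not backed by raw data in any section" % rva)


def parse_pe(data: bytes) -> dict:
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, timestamp, _, _, opt_size, _ = struct.unpack_from(COFF_FMT, data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    f = struct.unpack_from(OPT_FMT, data, opt_off)
    if f[0] != 0x10B:
        raise ValueError("only PE32 is handled here (magic 0x%X)" % f[0])
    sections = []
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr = struct.unpack_from(SECTION_FMT, data, opt_off + opt_size + 40 * i)[:5]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "va": va, "vsize": vsize, "rawsize": rawsize, "rawptr": rawptr})
    entry_rva = f[6]                       # AddressOfEntryPoint
    ep = rva_to_offset(entry_rva, sections)
    return {
        "bitness": "Win32" if machine == 0x14C else "other (0x%X)" % machine,
        "compile_time": datetime.fromtimestamp(timestamp, tz=timezone.utc),
        "linker_version": "%d.%d" % (f[1], f[2]),
        "code_size": f[3],                 # SizeOfCode
        "entry_rva": entry_rva,
        "entry_bytes": bytes(data[ep:ep + 16]),
        "os_version": "%d.%d" % (f[12], f[13]),  # minimum OS the image declares
        "subsystem": SUBSYSTEMS.get(f[22], "other (%d)" % f[22]),
        "sections": [s["name"] for s in sections],
    }


ENTRY_BYTES = bytes.fromhex("E8EDC60000E97FFEFFFF558BEC8B4508")  # first 16 entry bytes shown above


def build_sample_pe() -> bytes:
    """Constructed PE32 image carrying the listed header values (not the real file)."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = struct.pack(COFF_FMT, 0x14C, 1, calendar.timegm((2014, 10, 22, 9, 58, 33)), 0, 0, 72, 0x0102)
    opt = struct.pack(OPT_FMT, 0x10B, 12, 0, 394752, 0, 0, 0x44ADB, 0x1000, 0, 0x400000, 0x1000, 0x200,
                      5, 1, 0, 0, 5, 1, 0, 0x100000, 0x400, 0, 2, 0)
    text_raw = 0x400                       # .text raw data starts at file offset 0x400, RVA 0x1000
    text = struct.pack(SECTION_FMT, b".text", 0x60000, 0x1000, 0x44000, text_raw, 0, 0, 0, 0, 0x60000020)
    image = bytearray((dos + b"PE\0\0" + coff + opt + text).ljust(text_raw, b"\0"))
    ep_off = text_raw + (0x44ADB - 0x1000)
    image.extend(b"\0" * (ep_off + len(ENTRY_BYTES) - len(image)))
    image[ep_off:ep_off + len(ENTRY_BYTES)] = ENTRY_BYTES
    return bytes(image)


if __name__ == "__main__":
    sample = build_sample_pe()
    print(file_hashes(sample), matches_listing(file_hashes(sample)))
    for key, value in parse_pe(sample).items():
        print("%-14s %s" % (key, value.hex() if isinstance(value, bytes) else value))
```

Against a real sample, call parse_pe(open(path, "rb").read()). matches_listing(file_hashes(data)) returning all three algorithms confirms the file is the one described here; a compile timestamp or entry bytes that differ from the listing indicate a different build even when the version string is identical.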

Shell Open Command
Open type:
ftp

Command:
"C:\users\{user}\appdata\local\bobrowser\application\bobrowser.exe" -- "%1"

Note: the file is registered as the handler for ftp: URLs. The "--" before "%1" is the Chromium command-line switch terminator, so a URL handed over by the shell is taken as a positional argument and cannot be interpreted as a switch; this is the same form Chrome uses for its own protocol-handler registrations.


The file bobrowser.exe has been discovered within the following programs.

BoBrowser by BoBrowser (38% of Should I Remove It? users remove it)

The executing file has been seen to make the following network communications in live environments. Most of the HTTPS destinations are Facebook/fbcdn edges and CDN nodes (CloudFront, Akamai, Google), consistent with ordinary page loads during analysis; the three plain-HTTP destinations (as2.servinformatica.com, an EC2 instance and one CloudFront node) and the reverse-DNS names that look like ISP customer ranges rather than named services (dial-up.telesp.net.br, virtua.com.br, above.net) are the entries to examine first.

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-gru2.facebook.com  (31.13.85.36:443)

TCP (HTTP SSL):
Connects to edge-star-shv-01-gru2.facebook.com  (31.13.85.8:443)

TCP (HTTP SSL):
Connects to 201-0-224-17.dial-up.telesp.net.br  (201.0.224.17:443)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-02-gru2.fbcdn.net  (157.240.12.16:443)

TCP (HTTP SSL):
Connects to edge-z-m-mini-shv-01-gru2.facebook.com  (31.13.85.37:443)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-gru2.fbcdn.net  (31.13.85.4:443)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-eze1.fbcdn.net  (31.13.94.24:443)

TCP (HTTP):
Connects to ec2-54-228-237-87.eu-west-1.compute.amazonaws.com  (54.228.237.87:80)

TCP (HTTP SSL):
Connects to laxmvpdvip1.fwmrm.net  (38.71.2.160:443)

TCP (HTTP SSL):
Connects to edge-star-shv-01-eze1.facebook.com  (31.13.94.19:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-eze1.facebook.com  (31.13.94.35:443)

TCP (HTTP SSL):
Connects to bb7b1c1b.virtua.com.br  (187.123.28.27:443)

TCP (HTTP SSL):
Connects to server-54-230-226-242.gig50.r.cloudfront.net  (54.230.226.242:443)

TCP (HTTP):
Connects to as2.servinformatica.com  (163.172.73.9:80)

TCP (HTTP SSL):
Connects to a173-222-177-219.deploy.static.akamaitechnologies.com  (173.222.177.219:443)

TCP (HTTP SSL):
Connects to 94.31.29.64.IPYX-077437-ZYO.above.net  (94.31.29.64:443)

TCP (HTTP SSL):
Connects to 201-0-224-18.dial-up.telesp.net.br  (201.0.224.18:443)

TCP (HTTP SSL):
Connects to 132.253.178.107.bc.googleusercontent.com  (107.178.253.132:443)

TCP (HTTP):
Connects to server-54-192-59-61.gru1.r.cloudfront.net  (54.192.59.61:80)

TCP (HTTP SSL):
Connects to server-54-192-224-225.gig50.r.cloudfront.net  (54.192.224.225:443)
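As an added example (not from the listing), here is a small Python triage script over the connection lines above, kept in the listing's own "Connects to host  (ip:port)" format. It counts ports, isolates the plaintext HTTP destinations, flags hosts outside an assumed allowlist of browser content/CDN suffixes (EXPECTED_SUFFIXES, an assumption to adjust per environment), and detects reverse-DNS names that merely encode the IP address in dotted, dashed, reversed or hex form (bb7b1c1b.virtua.com.br is 187.123.28.27 in hex), i.e. generic infrastructure or customer records rather than purposely named hosts. The functions parse_connections, rdns_embeds_ip and triage are this example's own.

```python
# Added example: triage the "Connects to" lines from the listing above.
# EXPECTED_SUFFIXES is an assumption about ordinary browser traffic, not a
# fact from the listing.
import re
from collections import Counter

# The twenty entries from the listing above, copied verbatim.
CONNECTIONS = """\
Connects to edge-star-mini-shv-01-gru2.facebook.com  (31.13.85.36:443)
Connects to edge-star-shv-01-gru2.facebook.com  (31.13.85.8:443)
Connects to 201-0-224-17.dial-up.telesp.net.br  (201.0.224.17:443)
Connects to xx-fbcdn-shv-02-gru2.fbcdn.net  (157.240.12.16:443)
Connects to edge-z-m-mini-shv-01-gru2.facebook.com  (31.13.85.37:443)
Connects to xx-fbcdn-shv-01-gru2.fbcdn.net  (31.13.85.4:443)
Connects to xx-fbcdn-shv-01-eze1.fbcdn.net  (31.13.94.24:443)
Connects to ec2-54-228-237-87.eu-west-1.compute.amazonaws.com  (54.228.237.87:80)
Connects to laxmvpdvip1.fwmrm.net  (38.71.2.160:443)
Connects to edge-star-shv-01-eze1.facebook.com  (31.13.94.19:443)
Connects to edge-star-mini-shv-01-eze1.facebook.com  (31.13.94.35:443)
Connects to bb7b1c1b.virtua.com.br  (187.123.28.27:443)
Connects to server-54-230-226-242.gig50.r.cloudfront.net  (54.230.226.242:443)
Connects to as2.servinformatica.com  (163.172.73.9:80)
Connects to a173-222-177-219.deploy.static.akamaitechnologies.com  (173.222.177.219:443)
Connects to 94.31.29.64.IPYX-077437-ZYO.above.net  (94.31.29.64:443)
Connects to 201-0-224-18.dial-up.telesp.net.br  (201.0.224.18:443)
Connects to 132.253.178.107.bc.googleusercontent.com  (107.178.253.132:443)
Connects to server-54-192-59-61.gru1.r.cloudfront.net  (54.192.59.61:80)
Connects to server-54-192-224-225.gig50.r.cloudfront.net  (54.192.224.225:443)
"""

LINE_RE = re.compile(r"Connects to (\S+)\s+\((\d+\.\d+\.\d+\.\d+):(\d+)\)")

# Assumption: for a Chromium-based browser these suffixes are content/CDN traffic
# a sandbox sees regardless of whether the binary itself is malicious.
EXPECTED_SUFFIXES = (".facebook.com", ".fbcdn.net", ".cloudfront.net",
                     ".akamaitechnologies.com", ".googleusercontent.com")


def parse_connections(text: str) -> list:
    return [{"host": h, "ip": ip, "port": int(p)} for h, ip, p in LINE_RE.findall(text)]


def rdns_embeds_ip(host: str, ip: str) -> bool:
    """True when the reverse-DNS name just encodes the IP (dotted, dashed,
    reversed or hex), i.e. a generic infrastructure/customer record."""
    octets = ip.split(".")
    forms = {".".join(octets), "-".join(octets),
             ".".join(reversed(octets)), "-".join(reversed(octets)),
             "".join("%02x" % int(o) for o in octets)}
    return any(form in host.lower() for form in forms)


def triage(conns: list) -> dict:
    return {
        "total": len(conns),
        "by_port": dict(Counter(c["port"] for c in conns)),
        "plaintext": [c["host"] for c in conns if c["port"] == 80],
        "unexpected": [c["host"] for c in conns if not c["host"].endswith(EXPECTED_SUFFIXES)],
        "generic_rdns": [c["host"] for c in conns if rdns_embeds_ip(c["host"], c["ip"])],
    }


if __name__ == "__main__":
    for key, value in triage(parse_connections(CONNECTIONS)).items():
        print(key, value)
```

On this listing the script reports 3 plaintext destinations, 7 hosts outside the allowlist and 10 generic reverse-DNS names; the hosts that are both outside the allowlist and generic (the telesp.net.br, virtua.com.br and above.net entries), together with the plain-HTTP hosts, are where a triage would start.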

Powered by Reason Core Security