bobrowser.exe

BoBrowser

ClaraLabSoftware

The application bobrowser.exe by ClaraLabSoftware is flagged as a potentially unwanted program by 1 of 68 scanners; the single detection is the site's own Reason Heuristics engine, and no third-party engine in the pool detects the file. Its original file name (chrome.exe) and its version string (45.0.2454.153) identify it as a rebranded Chromium build. It registers a scheduled task (Run_Bobby_Browser) under the Windows Task Scheduler and is typically installed with the program BoBrowser.
Publisher:
The BoBrowser Authors  (signed by ClaraLabSoftware)

Product:
BoBrowser

Version:
45.0.2454.153

MD5:
84a8896ced1b6e7f9a110a62c7b76995

SHA-1:
a69cfc0f480627013e0cff2e1e6e7d60998fa81a

SHA-256:
8505e784ed4f8da1b508458d1ebc42b9d495b154a52b3458626c5ae635a00ced

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
None of the third-party anti-malware engines in the current pool detects this file. The one detection above is the site's own Reason Heuristics engine, which classifies the file as unwanted.

Analysis date:
8/17/2018 12:13:59 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.ClaraLab (M)

Engine version:
16.3.22.16

File size:
591.8 KB (605,952 bytes)

Product version:
45.0.2454.153

Copyright:
Copyright 2014 The BoBrowser Authors. All rights reserved.

Original file name:
chrome.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\bobrowser\application\bobrowser.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/31/2015 1:00:00 AM

Valid to:
12/21/2016 12:59:59 AM

The compilation timestamp (3/15/2016) falls inside this validity window, but the certificate had expired well before the analysis date (8/17/2018). Whether the signature still verifies on a current system depends on whether it carries a trusted countersignature timestamp, which this page does not record.

Subject:
CN=ClaraLabSoftware, OU=ClaraLabSoftware, O=ClaraLabSoftware, POBox=ClaraLabSoftware, STREET=32 BOULEVARD DE STRASBOURG, L=PARIS, S=FRANCE, PostalCode=75010, C=FR

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
008857DCCA6BEB83363B5B8D19600709FF

File PE Metadata
Compilation timestamp:
3/15/2016 7:17:33 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:aL7TTvG8E9mz+ClTABc5jBMZ4nEaAUET384b3csEg6dago8SIAOtw+02Dtz9Q:aL7TT1fX4bWVSwt9F9Q

Entry address:
0x42A34

Entry point:
E8, 10, 96, 00, 00, E9, 7F, FE, FF, FF, CC, CC, 8B, 44, 24, 08, 8B, 4C, 24, 10, 0B, C8, 8B, 4C, 24, 0C, 75, 09, 8B, 44, 24, 04, F7, E1, C2, 10, 00, 53, F7, E1, 8B, D8, 8B, 44, 24, 08, F7, 64, 24, 14, 03, D8, 8B, 44, 24, 08, F7, E1, 03, D3, 5B, C2, 10, 00, 55, 8B, EC, 83, EC, 14, 53, 56, 33, DB, 57, 8B, 7D, 08, 89, 5D, F8, 89, 5D, F4, 89, 5D, FC, 85, FF, 75, 18, E8, F0, 13, 00, 00, 6A, 16, 5E, 89, 30, E8, E5, D0, FF, FF, 8B, C6, 5F, 5E, 5B, 8B, E5, 5D, C3, 6A, 24, 68, FF, 00, 00, 00, 57, E8, 1C, FA, FF, FF...

Code size:
367.5 KB (376,320 bytes)

Scheduled Task
Task name:
Run_Bobby_Browser

Trigger:
Registration (Runs on registration)

A registration trigger fires when the task is created or updated, so on its own it runs the program once at install time rather than at every logon or boot; any recurring launch would have to come from re-registration or from another trigger not listed here.
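The following PowerShell is an added triage example written for this page; it is not code from the page, from ClaraLabSoftware or from Reason Core Security. It verifies a local copy of bobrowser.exe against the hashes, signer and original file name listed above, inspects the Run_Bobby_Browser task, and offers a dry-run removal. It assumes the file sits at the "Common path" shown above, that the task name is exactly Run_Bobby_Browser, and that the ScheduledTasks module (Windows 8 / Server 2012 or later) is available.

```powershell
# Added example, not from the page or the vendor. Indicators below are copied
# from the page; paths and the task name are assumptions taken from it.

$ExpectedSha256 = '8505e784ed4f8da1b508458d1ebc42b9d495b154a52b3458626c5ae635a00ced'
$ExpectedMd5    = '84a8896ced1b6e7f9a110a62c7b76995'
$ExpectedSerial = '008857DCCA6BEB83363B5B8D19600709FF'   # COMODO-issued signer cert
$TaskName       = 'Run_Bobby_Browser'
$FilePath       = Join-Path $env:LOCALAPPDATA 'bobrowser\application\bobrowser.exe'

function Test-BoBrowserFile {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }

    $sha = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $md5 = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $ver = (Get-Item -LiteralPath $Path).VersionInfo

    # .NET may or may not keep the leading 00 of the serial; compare without it.
    $serial      = $sig.SignerCertificate.SerialNumber
    $serialMatch = [bool]$serial -and ($serial.TrimStart('0') -ieq $ExpectedSerial.TrimStart('0'))

    [pscustomobject]@{
        Path         = $Path
        Sha256Match  = ($sha -ieq $ExpectedSha256)
        Md5Match     = ($md5 -ieq $ExpectedMd5)
        SigStatus    = $sig.Status                 # Valid / NotSigned / HashMismatch / ...
        SigSubject   = $sig.SignerCertificate.Subject
        SerialMatch  = $serialMatch
        # An expired signing cert generally keeps verifying only if the
        # signature was countersigned with a trusted timestamp.
        Timestamped  = ($null -ne $sig.TimeStamperCertificate)
        OriginalName = $ver.OriginalFilename       # page records chrome.exe
        FileVersion  = $ver.FileVersion            # page records 45.0.2454.153
    }
}

function Get-BoBrowserTask {
    $task = Get-ScheduledTask -TaskName $TaskName -ErrorAction SilentlyContinue
    if (-not $task) { return $null }
    [pscustomobject]@{
        TaskName = $task.TaskName
        State    = $task.State
        Actions  = ($task.Actions  | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
        # A registration trigger shows up as MSFT_TaskRegistrationTrigger.
        Triggers = ($task.Triggers | ForEach-Object { $_.CimClass.CimClassName }) -join '; '
    }
}

function Remove-BoBrowser {
    param([switch]$WhatIf)
    # Stop running instances, unregister the task, then delete the install dir.
    Get-Process -Name bobrowser -ErrorAction SilentlyContinue | Stop-Process -Force -WhatIf:$WhatIf
    if (Get-ScheduledTask -TaskName $TaskName -ErrorAction SilentlyContinue) {
        Unregister-ScheduledTask -TaskName $TaskName -Confirm:$false -WhatIf:$WhatIf
    }
    $dir = Join-Path $env:LOCALAPPDATA 'bobrowser'
    if (Test-Path -LiteralPath $dir) { Remove-Item -LiteralPath $dir -Recurse -Force -WhatIf:$WhatIf }
}

Test-BoBrowserFile -Path $FilePath | Format-List
Get-BoBrowserTask | Format-List
# Remove-BoBrowser -WhatIf      # dry run; drop -WhatIf to actually clean up
```

Run it from the affected user's session, since both the install path and the task live in the user's context. A mismatch on Sha256Match with a match on SigSubject means a different build signed by the same certificate, which is worth recording separately rather than treating as a false negative.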


The file bobrowser.exe has been discovered within the following program.

BoBrowser  by BoBrowser
38% of users who have it installed remove it (statistic from Should I Remove It?)

The executing file has been seen to make the following network connections in live environments. Most of the destinations are shared cloud and CDN front-ends (Amazon EC2/S3, CloudFront, Akamai, Google 1e100.net and googleusercontent.com, Facebook, hwcdn.net) that serve many unrelated sites, and the remainder are consistent with ordinary browsing traffic from a Chromium-based browser in the test environment. On their own, these addresses do not distinguish this program from legitimate activity and should not be used as blocking indicators without further context.

TCP (HTTP):
Connects to ec2-52-55-12-167.compute-1.amazonaws.com  (52.55.12.167:80)

TCP (HTTP SSL):
Connects to ec2-23-23-112-220.compute-1.amazonaws.com  (23.23.112.220:443)

TCP (HTTP SSL):
Connects to ec2-50-19-113-170.compute-1.amazonaws.com  (50.19.113.170:443)

TCP (HTTP SSL):
Connects to dh-in-f94.1e100.net  (209.85.203.94:443)

TCP (HTTP):
Connects to tlb.hwcdn.net  (69.16.175.10:80)

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com  (52.216.0.234:80)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-02-gru2.facebook.com  (157.240.12.35:443)

TCP (HTTP):
Connects to ec2-107-23-60-50.compute-1.amazonaws.com  (107.23.60.50:80)

TCP (HTTP SSL):
Connects to 189-113-79-145.static.sumicity.net.br  (189.113.79.145:443)

TCP (HTTP SSL):
Connects to wb-in-f156.1e100.net  (66.102.1.156:443)

TCP (HTTP SSL):
Connects to server-52-84-178-66.gru50.r.cloudfront.net  (52.84.178.66:443)

TCP (HTTP):
Connects to hwcdn.net  (69.16.175.42:80)

TCP (HTTP SSL):
Connects to a23-75-168-192.deploy.static.akamaitechnologies.com  (23.75.168.192:443)

TCP (HTTP SSL):
Connects to 200-155-82-218.bradesco.com.br  (200.155.82.218:443)

TCP (HTTP SSL):
Connects to 200-155-82-217.bradesco.com.br  (200.155.82.217:443)

TCP (HTTP SSL):
Connects to 200-155-82-202.bradesco.com.br  (200.155.82.202:443)

TCP (HTTP SSL):
Connects to 57.247.178.107.bc.googleusercontent.com  (107.178.247.57:443)

TCP (HTTP):
Connects to i0-h0-s2.p0-gig.cdngp.net  (174.35.87.67:80)

TCP (HTTP SSL):
Connects to ec2-52-73-131-7.compute-1.amazonaws.com  (52.73.131.7:443)

TCP (HTTP):
Connects to ec2-34-196-228-33.compute-1.amazonaws.com  (34.196.228.33:80)
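The following PowerShell is an added hunting example for this page, not code from the page or from Reason Core Security. It matches live TCP connections owned by bobrowser.exe against the address list above and marks which hits land on shared hosting or CDN infrastructure, so that weak matches are not over-weighted. The IP, port and hostname triples are copied from the page; the list of "shared" suffixes is this example's own assumption, and the process name bobrowser is assumed from the page's common path.

```powershell
# Added example, not from the page or the vendor. Destinations below are
# copied from the page; the shared-infrastructure classification is assumed.

$PageObserved = @'
52.55.12.167   80  ec2-52-55-12-167.compute-1.amazonaws.com
23.23.112.220  443 ec2-23-23-112-220.compute-1.amazonaws.com
50.19.113.170  443 ec2-50-19-113-170.compute-1.amazonaws.com
209.85.203.94  443 dh-in-f94.1e100.net
69.16.175.10   80  tlb.hwcdn.net
52.216.0.234   80  s3-website-us-east-1.amazonaws.com
157.240.12.35  443 edge-star-mini-shv-02-gru2.facebook.com
107.23.60.50   80  ec2-107-23-60-50.compute-1.amazonaws.com
189.113.79.145 443 189-113-79-145.static.sumicity.net.br
66.102.1.156   443 wb-in-f156.1e100.net
52.84.178.66   443 server-52-84-178-66.gru50.r.cloudfront.net
69.16.175.42   80  hwcdn.net
23.75.168.192  443 a23-75-168-192.deploy.static.akamaitechnologies.com
200.155.82.218 443 200-155-82-218.bradesco.com.br
200.155.82.217 443 200-155-82-217.bradesco.com.br
200.155.82.202 443 200-155-82-202.bradesco.com.br
107.178.247.57 443 57.247.178.107.bc.googleusercontent.com
174.35.87.67   80  i0-h0-s2.p0-gig.cdngp.net
52.73.131.7    443 ec2-52-73-131-7.compute-1.amazonaws.com
34.196.228.33  80  ec2-34-196-228-33.compute-1.amazonaws.com
'@ -split "`r?`n" | Where-Object { $_.Trim() } | ForEach-Object {
    $f = $_.Trim() -split '\s+'
    [pscustomobject]@{ Ip = $f[0]; Port = [int]$f[1]; Host = $f[2] }
}

# Assumed heuristic: hostnames under these suffixes are shared front-ends that
# serve many unrelated sites, so a hit there is weak evidence by itself.
$SharedSuffixes = 'amazonaws.com', 'cloudfront.net', '1e100.net', 'googleusercontent.com',
                  'akamaitechnologies.com', 'facebook.com', 'hwcdn.net', 'cdngp.net'

function Test-SharedHost {
    param([string]$HostName)
    foreach ($s in $SharedSuffixes) {
        if ($HostName -eq $s -or $HostName -like "*.$s") { return $true }
    }
    return $false
}

function Get-BoBrowserConnections {
    $ownerIds = (Get-Process -Name bobrowser -ErrorAction SilentlyContinue).Id
    if (-not $ownerIds) { return @() }
    Get-NetTCPConnection -OwningProcess $ownerIds -State Established -ErrorAction SilentlyContinue |
        ForEach-Object {
            $conn = $_
            $hit  = $PageObserved | Where-Object { $_.Ip -eq $conn.RemoteAddress -and $_.Port -eq $conn.RemotePort }
            $shared = if ($hit) { Test-SharedHost -HostName $hit[0].Host } else { $null }
            [pscustomobject]@{
                Pid         = $conn.OwningProcess
                Remote      = "$($conn.RemoteAddress):$($conn.RemotePort)"
                OnPageList  = [bool]$hit
                ListedHost  = if ($hit) { $hit[0].Host } else { '' }
                SharedInfra = $shared   # $true = weak indicator; $false = worth a closer look
            }
        }
}

Get-BoBrowserConnections | Sort-Object OnPageList, SharedInfra -Descending | Format-Table -AutoSize
```

Treat a row with OnPageList set and SharedInfra clear as the interesting case; the shared-infrastructure hits will also appear for any Chromium-based browser on the same host. The page lists only DNS names observed at analysis time, so cloud addresses in particular can have been reassigned since.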
