browseforthecause.exe

Domain Web Developers, LLC

The application browseforthecause.exe by Domain Web Developers has been detected as a potentially unwanted program by 2 anti-malware scanners. This is a setup program which is used to install the application. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘BrowseForTheCause’. The file has been seen being downloaded from d1t653m828c3x8.cloudfront.net and multiple other hosts.
Publisher:
Domain Web Developers, LLC  (signed and verified)

Version:
0.9.5.5

MD5:
0cfbe0cb0ab8ff450a631dd80f82b7bd

SHA-1:
a1615ea3ec9e898defaa6c23e1aedd84f464113d

SHA-256:
8edce6fe3faf068340efe92d68fde989670ae34069ad1705a2ed0af66d2aec28

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 10:13:31 PM UTC

Scan engine          Detection                 Engine version
Dr.Web               Adware.Downware.1254      9.0.1.0341
Reason Heuristics    PUP.BrowseForCause (M)    16.11.15.13

File size:
3.6 MB (3,744,104 bytes)

Product version:
1.3.0.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\browseforthecause\browseforthecause.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
8/20/2012 2:00:00 AM

Valid to:
8/18/2013 1:59:59 AM

Subject:
CN="Domain Web Developers, LLC", O="Domain Web Developers, LLC", L=New Orleans, S=Louisiana, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
0E249EAA93362C0818B9A297F7A78E28

File PE Metadata
Compilation timestamp:
5/7/2013 11:59:14 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
49152:DYz1Vkprz5pSXGfPX/1uDiC0cxSKovJEcmc9NDLZJHoqKxjTPVeNy21M/U:05Op1XQm9vGc/LMqKxsNy21yU

Entry address:
0x26A0

Entry point:
EB, 10, 66, 62, 3A, 43, 2B, 2B, 48, 4F, 4F, 4B, 90, E9, AC, 90, 6F, 00, A1, 9F, 90, 6F, 00, C1, E0, 02, A3, A3, 90, 6F, 00, 52, 6A, 00, E8, 07, 4C, 2F, 00, 8B, D0, E8, 32, 45, 2E, 00, 5A, E8, 54, 44, 2E, 00, E8, 83, 46, 2E, 00, 6A, 00, E8, 80, 63, 2E, 00, 59, 68, 48, 90, 6F, 00, 6A, 00, E8, E1, 4B, 2F, 00, A3, A7, 90, 6F, 00, 6A, 00, E9, B7, 06, 2F, 00, E9, B2, 63, 2E, 00, 33, C0, A0, 91, 90, 6F, 00, C3, A1, A7, 90, 6F, 00, C3, 60, BB, 00, 50, B0, BC, 53, 68, AD, 0B, 00, 00, C3, B9, F0, 00, 00, 00, 0B, C9...
 

Code size:
3 MB (3,112,960 bytes)

Scheduled Task
Task name:
BrowseForTheCauseUpdate

Trigger:
Boot (Runs on boot)


Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
BrowseForTheCause

Command:
C:\Program Files\browseforthecause\browseforthecause.exe


The file browseforthecause.exe has been seen being distributed by the following 3 URLs.

http://d1t653m828c3x8.cloudfront.net/bundles/.../forcause-ak.exe
