home

browser.exe

Browser

Web Discover

The executable browser.exe has been detected as malware by 1 anti-virus scanner. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in.
Publisher:
Web Discover  (signed and verified)

Product:
Browser

Version:
55.0.2859.0

MD5:
3614c043c093068be0c8f4363869bfc7

SHA-1:
324a57b69324b3fa780a98f253464cb8f6f1a39f

SHA-256:
7d73373ee8f7b6e6a5a70d4e0164b0536ef7255d057ab9967427014e60fa122a

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
4/16/2024 7:18:23 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
17.3.4.1

File size:
3 MB (3,102,944 bytes)

Product version:
55.0.2859.0

Copyright:
Copyright 2016

Original file name:
browser.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\webdiscoverbrowser\2.28.2\browser.exe

Digital Signature
Signed by:
Web Discover

Authority:
Symantec Corporation

Valid from:
1/9/2017 4:00:00 PM

Valid to:
2/23/2018 3:59:59 PM

Subject:
CN=Web Discover, O=Web Discover, L=Wilmington, S=Delaware, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
409E4C9DD669272BE87359D12792FEE8

File PE Metadata
Compilation timestamp:
3/2/2017 4:44:27 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0x21666A

Entry point:
E8, 97, 09, 00, 00, E9, 8E, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 53, 33, FF, 8B, 44, 24, 14, 0B, C0, 7D, 14, 47, 8B, 54, 24, 10, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 14, 89, 54, 24, 10, 8B, 44, 24, 1C, 0B, C0, 7D, 14, 47, 8B, 54, 24, 18, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 1C, 89, 54, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 18, 8B, 44, 24, 14, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 10, F7, F1, 8B, D3, EB, 41, 8B, D8, 8B, 4C, 24, 18, 8B, 54, 24, 14, 8B, 44, 24, 10, D1, EB, D1...
 
[+]

Entropy:
6.5883

Code size:
2.3 MB (2,403,840 bytes)

Scheduled Task
Task name:
WebDiscover Browser Launch Task

Trigger:
Logon (Runs on logon)


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to ws-18-do-e-ny-3.wdnotifications.com  (45.55.41.62:443)

TCP (HTTP SSL):
Connects to ec2-52-8-154-221.us-west-1.compute.amazonaws.com  (52.8.154.221:443)

TCP (HTTP SSL):
Connects to a23-220-153-34.deploy.static.akamaitechnologies.com  (23.220.153.34:443)

TCP (HTTP SSL):
Connects to a23-220-153-32.deploy.static.akamaitechnologies.com  (23.220.153.32:443)

TCP (HTTP SSL):
Connects to ec2-54-215-171-152.us-west-1.compute.amazonaws.com  (54.215.171.152:443)

TCP (HTTP SSL):
Connects to ec2-52-202-103-45.compute-1.amazonaws.com  (52.202.103.45:443)

TCP (HTTP SSL):
Connects to a96-7-48-35.deploy.akamaitechnologies.com  (96.7.48.35:443)

TCP (HTTP):
Connects to rtr3.l7.search.vip.bf1.yahoo.com  (63.250.200.63:80)

TCP:
Connects to jl-in-f188.1e100.net  (209.85.200.188:5228)

TCP (HTTP SSL):
Connects to jl-in-f136.1e100.net  (209.85.200.136:443)

TCP (HTTP SSL):
Connects to a23-219-161-81.deploy.static.akamaitechnologies.com  (23.219.161.81:443)

TCP (HTTP SSL):
Connects to a184-51-148-88.deploy.static.akamaitechnologies.com  (184.51.148.88:443)

TCP (HTTP):
Connects to a104-96-221-208.deploy.static.akamaitechnologies.com  (104.96.221.208:80)

TCP (HTTP SSL):
Connects to a104-96-221-161.deploy.static.akamaitechnologies.com  (104.96.221.161:443)

TCP (HTTP SSL):
Connects to a104-104-244-179.deploy.static.akamaitechnologies.com  (104.104.244.179:443)

TCP (HTTP):
Connects to server-54-230-81-36.mia50.r.cloudfront.net  (54.230.81.36:80)

TCP (HTTP):
Connects to server-54-230-51-133.jfk5.r.cloudfront.net  (54.230.51.133:80)

TCP (HTTP):
Connects to li491-84.members.linode.com  (50.116.29.84:80)

TCP (HTTP):
Connects to ec2-54-235-182-183.compute-1.amazonaws.com  (54.235.182.183:80)

TCP (HTTP):
Connects to ec2-54-201-220-121.us-west-2.compute.amazonaws.com  (54.201.220.121:80)

Remove browser.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.