browser.exe

Yandex

YANDEX LLC

The executable browser.exe has been detected as malware by 14 anti-virus scanners. While running, it connects to the Internet address api.browser.yandex.ru on port 443.
Publisher:
YANDEX LLC  (signed and verified)

Product:
Yandex

Version:
46.0.2490.6151

MD5:
5852b58f3f7b258aea43d3834d351fe5

SHA-1:
b81608c48499080b0e46fb964902c9428fc9d755

SHA-256:
0ad565a0d392829f22724c69684971e10f4b118e9729bb6451caaf13233882f5

Scanner detections:
14 / 68

Status:
Malware

Analysis date:
12/15/2017 1:25:21 PM UTC  (today)

Scan engine
Detection
Engine version

Bkav FE
W32.HfsAutoB
1.3.0.7237

Dr.Web
MULDROP.Trojan
9.0.1.0341

Emsisoft Anti-Malware
Gen:Variant.Symmi.37420
8.15.12.07.06

K7 AntiVirus
Virus
13.210.17320

K7 Gateway Antivirus
Virus
13.210.17320

McAfee
Virus.W32/Pate.b
5600.6558

McAfee Web Gateway
BehavesLike.Win32.Pate.vm
7.6558

Microsoft Security Essentials
Threat.Undefined
1.207.757.0

Quick Heal
W32.Perite.A
12.15.14.00

The Hacker
W32/Pate.B
6.8.0.5.678

Total Defense
Win32/Pinfi.A
37.1.62.1

Trend Micro House Call
PE_PARITE.A
7.2.341

Trend Micro
PE_PARITE.A
10.465.07

VIPRE Antivirus
Threat.46249
42326

File size:
1.9 MB (2,026,960 bytes)

Product version:
46.0.2490.6151

Copyright:
Copyright © 2012-2015 YANDEX LLC. All Rights Reserved.

Original file name:
browser.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\yandex\yandexbrowser\application\browser.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/15/2013 8:00:00 AM

Valid to:
1/16/2016 7:59:59 AM

Subject:
CN=YANDEX LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=YANDEX LLC, L=Moscow, S=Moscow, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3667E158B524C8FFBFE538172786F1E2

File PE Metadata
Compilation timestamp:
12/1/2015 8:49:53 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:wtUTQAFYErLboIQ+KT4+VKm5Ba6463RTQ/:HHrLbcTnKABxa/

Entry address:
0x4F9B4

Entry point:
E8, 05, A2, 00, 00, E9, 7F, FE, FF, FF, CC, CC, 57, 56, 53, 33, FF, 8B, 44, 24, 14, 0B, C0, 7D, 14, 47, 8B, 54, 24, 10, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 14, 89, 54, 24, 10, 8B, 44, 24, 1C, 0B, C0, 7D, 14, 47, 8B, 54, 24, 18, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 1C, 89, 54, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 18, 8B, 44, 24, 14, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 10, F7, F1, 8B, D3, EB, 41, 8B, D8, 8B, 4C, 24, 18, 8B, 54, 24, 14, 8B, 44, 24, 10, D1, EB, D1, D9, D1, EA, D1, D8, 0B, DB, 75, F4, F7...
 
[+]

Code size:
427 KB (437,248 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to storage.mds.yandex.net  (213.180.204.158:443)

TCP (HTTP SSL):
Connects to favicon.yandex.net  (77.88.21.36:443)

TCP (HTTP SSL):
Connects to api.browser.yandex.ru  (87.250.251.82:443)

TCP (HTTP SSL):
Connects to storage.ape.yandex.net  (213.180.193.55:443)

TCP (HTTP SSL):
Connects to mc.yandex.ru  (213.180.193.119:443)

TCP (HTTP SSL):
Connects to e.mail.ru  (217.69.139.216:443)

TCP (HTTP SSL):
Connects to browser-api.store.yandex.net  (77.88.21.216:443)

TCP (HTTP SSL):
Connects to avatars.mds.yandex.net  (87.250.247.181:443)

TCP (HTTP SSL):
Connects to yabs.yandex.ru  (93.158.134.91:443)

TCP (HTTP):
Connects to start.gohost.ru  (87.242.73.73:80)

TCP (HTTP SSL):
Connects to 194-177-22-167.flops.ru  (194.177.22.167:443)

TCP (HTTP SSL):
Connects to yandex.ru  (5.255.255.5:443)

TCP (HTTP SSL):
Connects to sync.disk.yandex.net  (93.158.134.148:443)

TCP (HTTP SSL):
Connects to static.yandex.net  (178.154.131.217:443)

TCP (HTTP):
Connects to sba.search.yandex.net  (77.88.21.232:80)

TCP (HTTP SSL):
Connects to 2-78-45-93.kcell.kz  (2.78.45.93:443)

TCP (HTTP SSL):
Connects to suggest.yandex.net  (87.250.250.63:443)

TCP (HTTP SSL):
Connects to video-tub.yandex.ru  (213.180.193.101:443)

TCP (HTTP SSL):
Connects to ua2.host.hit.gemius.pl  (149.202.221.211:443)

TCP (HTTP SSL):
Connects to rfko.r.smailru.net  (217.69.139.42:443)

Remove browser.exe - Powered by Reason Core Security