browser.exe

speed browser

Smart Applications

The application browser.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘browser’. While running, it connects to the Internet address edge-star-shv-01-ort2.facebook.com on port 443.
Publisher:
Smart Applications

Product:
speed browser

Version:
44.0.2367.0

MD5:
a2cd2ed9519a18bd62cee68ddbba37f1

SHA-1:
bf63b028df853496bb8d82f6accad4c2634dd178

SHA-256:
c0e941c87860cd139f35e90bac1492c7216f1b74a2d7e20798953108854ce7d0

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/21/2017 10:56:25 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.SmartApplications.Meta (M)

Engine version:
15.6.29.1

File size:
752.5 KB (770,560 bytes)

Product version:
44.0.2367.0

Copyright:
Copyright 2014 Smart Applications. All rights reserved.

Original file name:
browser.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\speed browser\application\browser.exe

File PE Metadata
Compilation timestamp:
6/5/2015 4:01:43 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:q9ND/fvL93NeN25zyz6/+bfXsm0dkNMtWqqLtRMTR9VHHOgMB0SlUjRWfJ6UEwD9:q95fjyitWqqI31MBWjRBD/hg

Entry address:
0x49CB0

Entry point:
E8, C6, BB, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, 8B, 44, 24, 08, 8B, 4C, 24, 10, 0B, C8, 8B, 4C, 24, 0C, 75, 09, 8B, 44, 24, 04, F7, E1, C2, 10, 00, 53, F7, E1, 8B, D8, 8B, 44, 24, 08, F7, 64, 24, 14, 03, D8, 8B, 44, 24, 08, F7, E1, 03, D3, 5B, C2, 10, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 44, 24, 0C, 53, 85, C0, 74, 52, 8B, 54, 24, 08, 33, DB, 8A, 5C, 24, 0C, F7, C2, 03, 00, 00, 00, 74, 16, 8A, 0A, 83, C2, 01, 32, CB, 74, 72, 83, E8, 01, 74, 32, F7, C2, 03, 00, 00, 00, 75...

Entropy:
6.4005

Code size:
403.5 KB (413,184 bytes)

3 Shell Open Commands
Open type:
ftp

Command:
"C:\Program Files\speed browser\application\browser.exe" -- "%1"

Open type:
http

Command:
"C:\Program Files\speed browser\application\browser.exe" -- "%1"

Open type:
https

Command:
"C:\Program Files\speed browser\application\browser.exe" -- "%1"


Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
browser

Command:
C:\Program Files\speed browser\application\browser.exe


Windows Firewall Allowed Program
Name:
browser (mdns-in)


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to radius.pioneer.co.in  (202.65.142.252:443)

TCP (HTTP):
Connects to ec2-34-250-194-62.eu-west-1.compute.amazonaws.com  (34.250.194.62:80)

TCP (HTTP SSL):
Connects to s3-1.amazonaws.com  (54.231.40.122:443)

TCP (HTTP):
Connects to a182-18-179-80.deploy.akamaitechnologies.com  (182.18.179.80:80)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-cdg2.fbcdn.net  (179.60.192.7:443)

TCP (HTTP):
Connects to vmhappytimes.772424.com  (91.121.63.222:80)

TCP (HTTP SSL):
Connects to server-54-192-14-78.ams1.r.cloudfront.net  (54.192.14.78:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-cdg2.facebook.com  (179.60.192.36:443)

TCP (HTTP):
Connects to ec2-52-17-158-153.eu-west-1.compute.amazonaws.com  (52.17.158.153:80)

TCP (HTTP SSL):
Connects to a23-205-89-198.deploy.static.akamaitechnologies.com  (23.205.89.198:443)

TCP:
Connects to wb-in-f188.1e100.net  (66.102.1.188:5228)

TCP (HTTP):
Connects to a182-18-179-72.deploy.akamaitechnologies.com  (182.18.179.72:80)

TCP (HTTP SSL):
Connects to ondemand.puresafety.com  (66.18.116.30:443)

TCP (HTTP SSL):
Connects to msnbot-65-52-108-76.search.msn.com  (65.52.108.76:443)

TCP (HTTP):
Connects to server-54-192-19-15.iad12.r.cloudfront.net  (54.192.19.15:80)

TCP (HTTP):
Connects to server-54-192-19-117.iad12.r.cloudfront.net  (54.192.19.117:80)

TCP (HTTP):
Connects to server-54-192-19-115.iad12.r.cloudfront.net  (54.192.19.115:80)

TCP (HTTP):
Connects to server-52-85-142-236.iad12.r.cloudfront.net  (52.85.142.236:80)

TCP:
Connects to oc-in-f188.1e100.net  (209.85.235.188:5228)

TCP (HTTP SSL):
Connects to edge-star-shv-01-ort2.facebook.com  (157.240.2.20:443)

Powered by Reason Core Security