browser.exe

Browser

Web Discover

The executable browser.exe has been detected as malware by 1 anti-virus scanner.
Publisher:
Web Discover  (signed and verified)

Product:
Browser

Version:
55.0.2859.0

MD5:
b5f58de2f78e825a566fe03211484637

SHA-1:
e217371c46e84b13ce0bce56d3fb05fddf5faedb

SHA-256:
87dadd4c79a40d897ecb9bbb3dbf252085bc0bba9b705af8ffdd5b6155cb21bd

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/11/2017 6:15:57 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.11.9.5

File size:
3 MB (3,102,944 bytes)

Product version:
55.0.2859.0

Copyright:
Copyright 2016

Original file name:
browser.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\webdiscoverbrowser\2.8.2\browser.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
2/22/2016 7:00:00 PM

Valid to:
2/22/2017 6:59:59 PM

Subject:
CN=Web Discover, O=Web Discover, L=Wilmington, S=Delaware, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
6A8AE55D88F918454899216E122FA657

File PE Metadata
Compilation timestamp:
11/8/2016 12:33:32 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
49152:U7PxqRminbSywLMHvMh38foP//2Pmg3AVPbDziP8KkAml:AIwUmywWif2PmgwVP3zBKk3

Entry address:
0x21666A

Entry point:
E8, 97, 09, 00, 00, E9, 8E, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 53, 33, FF, 8B, 44, 24, 14, 0B, C0, 7D, 14, 47, 8B, 54, 24, 10, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 14, 89, 54, 24, 10, 8B, 44, 24, 1C, 0B, C0, 7D, 14, 47, 8B, 54, 24, 18, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 1C, 89, 54, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 18, 8B, 44, 24, 14, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 10, F7, F1, 8B, D3, EB, 41, 8B, D8, 8B, 4C, 24, 18, 8B, 54, 24, 14, 8B, 44, 24, 10, D1, EB, D1...
 
[+]

Entropy:
6.5883

Code size:
2.3 MB (2,403,840 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to a184-31-198-52.deploy.static.akamaitechnologies.com  (184.31.198.52:80)

TCP (HTTP SSL):
Connects to bam-3.nr-data.net  (50.31.164.173:443)

TCP (HTTP):
Connects to a65-183-241-214.deploy.akamaitechnologies.com  (65.183.241.214:80)

TCP (HTTP):
Connects to a23-192-36-231.deploy.static.akamaitechnologies.com  (23.192.36.231:80)

TCP (HTTP):
Connects to 208.185.50.80.IPYX-063360-004-ZYO.zip.zayo.com  (208.185.50.80:80)

TCP (HTTP):
Connects to a65-183-241-215.deploy.akamaitechnologies.com  (65.183.241.215:80)

TCP (HTTP SSL):
Connects to a104-73-246-143.deploy.static.akamaitechnologies.com  (104.73.246.143:443)

TCP (HTTP):
Connects to 34.f4.c1ad.ip4.static.sl-reverse.com  (173.193.244.52:80)

TCP (HTTP SSL):
Connects to 114.255.178.107.bc.googleusercontent.com  (107.178.255.114:443)

TCP (HTTP SSL):
Connects to ec2-35-164-241-146.us-west-2.compute.amazonaws.com  (35.164.241.146:443)

TCP (HTTP SSL):
Connects to 208.185.50.65.IPYX-063360-004-ZYO.zip.zayo.com  (208.185.50.65:443)

TCP (HTTP):
Connects to 208.185.50.30.IPYX-063360-004-ZYO.zip.zayo.com  (208.185.50.30:80)

TCP (HTTP SSL):
Connects to yts2.yql.vip.bf1.yahoo.com  (98.137.201.232:443)

TCP (HTTP):
Connects to sta-204-144-141-22.rockynet.com  (204.144.141.22:80)

TCP (HTTP SSL):
Connects to sframes.adx.vip.bf1.yahoo.com  (216.109.112.213:443)

TCP (HTTP SSL):
Connects to server-52-84-125-78.iad16.r.cloudfront.net  (52.84.125.78:443)

TCP (HTTP SSL):
Connects to server-52-84-124-198.iad16.r.cloudfront.net  (52.84.124.198:443)

TCP (HTTP SSL):
Connects to server-52-84-121-68.iad16.r.cloudfront.net  (52.84.121.68:443)

TCP (HTTP SSL):
Connects to server-52-84-118-181.iad16.r.cloudfront.net  (52.84.118.181:443)

TCP (HTTP SSL):
Connects to rack03.atlas.cdn.cha.yimg.com  (69.147.65.24:443)

Remove browser.exe - Powered by Reason Core Security