browserairexec.exe

BrowserAir

Goobzo

The application browserairexec.exe has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program BrowserAir by Goobzo Ltd. which is a potentially unwanted software program. While running, it connects to the Internet address 186.139.211.130.bc.googleusercontent.com on port 80 using the HTTP protocol.
Publisher:
Goobzo

Product:
BrowserAir

Version:
48.0.0.0

MD5:
b7ffe19b93e774406e9dde75e4d3db39

SHA-1:
4839d7c65a77c40093478df3338d319d91f3de82

SHA-256:
4c162785b255ac42ceb6328f9bc234421ca2d28c2dd9ff22972877f1dd5417a9

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/16/2017 4:12:10 PM UTC

Scan engine:
Reason Heuristics

Detection:
Win32.Generic

Engine version:
16.6.30.11

File size:
677.5 KB (693,760 bytes)

Product version:
48.0.0.0

Copyright:
Copyright 2014 Goobzo. All rights reserved.

Original file name:
chrome.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\browserair\application\browserairexec.exe

File PE Metadata
Compilation timestamp:
6/22/2016 5:02:37 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:y7FlSQ3ZWan1FsnO+AsB7WHVATAYuaZ1uuJl0dQ6K4EzjJTAgUHONHF9:y7qQjyurSftAg3NHX

Entry address:
0x42BE4


Entropy:
6.2246

Code size:
368 KB (376,832 bytes)

Shell Open Command
Open type:
ftp

Command:
"C:\users\{user}\appdata\local\browserair\application\browserairexec.exe" -- "%1"


The file browserairexec.exe has been discovered within the following program.

BrowserAir  by Goobzo Ltd.
BrowserAir is a potentially unwanted program that is malicious and intrusive; it manages to sneak its way into your computer and causes a number of issues that affect performance and privacy.
80% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

