» browserinfo.exe
Overview
Analysis
File Details
Programs (1)
Network (9)

browserinfo.exe

Beijing Zhihuimen Techology co,.Ltd

The application browserinfo.exe by Beijing Zhihuimen Techology co,.Ltd has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program Tools Update Platform by Beijing Zhihuimen Techology co,.Ltd. While running, it connects to the Internet address i0-h0-s2.p0-gig.cdngp.net on port 80 using the HTTP protocol.

File name:

browserinfo.exe

Publisher:

Beijing Zhihuimen Techology co,.Ltd (signed and verified)

MD5:

ea4ab33cffd47bd396e5df93c5f83a94

SHA-1:

10eb3702b7fb2303df3b96326e9dcfed34ac7e57

SHA-256:

d6ce8f10a922e22bef9996ad79a5aa2b4457bba434aa91f9e46e1bab1888cd5a

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/27/2024 2:00:29 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.TopTools (M)

16.8.27.10

File size:

225.9 KB (231,368 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\toolsupdateplatform\browserinfo.exe

Digital Signature

Signed by:

Beijing Zhihuimen Techology co,.Ltd

Authority:

VeriSign, Inc.

Valid from:

3/20/2015 2:00:00 AM

Valid to:

3/20/2016 1:59:59 AM

Subject:

CN="Beijing Zhihuimen Techology co,.Ltd", OU=Dev, O="Beijing Zhihuimen Techology co,.Ltd", L=Beijing, S=Beijing, C=CN

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

3CD09515CC4DCE7B71D57D559E0AF51C

File PE Metadata

Compilation timestamp:

6/4/2015 10:52:23 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

9.0

CTPH (ssdeep):

3072:Lnp6sacB2BsEV+c75NjKG1DOeOVDtvLlLhkHRa4ceOsL8hsMT6QH/HDoD5GRGgk:92cBwVVOptvLhhka4ceOsLfM+mRPk

Entry address:

0x1A5A8

Entry point:

E8, D0, 91, 00, 00, E9, A5, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 57, 56, E8, 5F, 04, 00, 00, 33, FF, 59, 3B, F7, 75, 1D, E8, EB, 18, 00, 00, 57, 57, 57, 57, 57, C7, 00, 16, 00, 00, 00, E8, 52, E5, FF, FF, 83, C4, 14, 83, C8, FF, EB, 34, 39, 7D, 0C, 74, DE, B9, FF, FF, FF, 7F, C7, 45, EC, 49, 00, 00, 00, 89, 75, E8, 89, 75, E0, 89, 4D, E4, 3B, C1, 77, 03, 89, 45, E4, FF, 75, 14, 8D, 45, E0, FF, 75, 10, FF, 75, 0C, 50, FF, 55, 08, 83, C4, 10, 5F, C9, C3, 8B, FF, 55, 8B, EC, 56, 8B, 75, 08, 8D, 45, 10... 
[+]

Entropy:

6.4833

Code size:

175 KB (179,200 bytes)

The file browserinfo.exe has been discovered within the following program.

Tools Update Platform by Beijing Zhihuimen Techology co,.Ltd

About 6% of users remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to i0-h0-s3.p0-gig.cdngp.net (174.35.87.68:80)

TCP (HTTP):

Connects to i0-h0-s2.p0-gig.cdngp.net (174.35.87.67:80)

TCP (HTTP):

Connects to i0-h0-s1.p0-gig.cdngp.net (174.35.87.66:80)

TCP (HTTP):

Connects to i0-h0-s4.p0-gig.cdngp.net (174.35.87.69:80)

TCP (HTTP):

Connects to i0-h0-s1043.p0-mia.cdngp.net (174.35.36.76:80)

TCP (HTTP):

Connects to i0-h0-s1033.p0-mia.cdngp.net (174.35.36.41:80)

TCP (HTTP):

Connects to i0-h0-s1024.p1-iad.cdngp.net (66.114.52.20:80)

TCP (HTTP):

Connects to i0-h0-s1020.p1-iad.cdngp.net (66.114.52.16:80)

TCP (HTTP):

Connects to i0-h0-s1019.p1-iad.cdngp.net (66.114.52.15:80)

Remove browserinfo.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.