~browsermngr.exe

Application Manager

ForwardTech Inc

This is part of a Performersoft product, a 'PC optimization' application that provides minimal benefits and may have been bundled by a third-party installer. The application ~browsermngr.exe by ForwardTech Inc has been detected as adware by 19 anti-malware scanners. It bundles additional offers, mostly adware, using the InstallBrain installer, a pay-per-install monetization download manager. InstallBrain will also install a background updater service that will update any installed browser add-ons and plug-ins.
Publisher:
PerformerSoft LLC  (signed by ForwardTech Inc)

Product:
Application Manager

Version:
2,3,759,138

MD5:
703e0d9d640c5b2e8177ec0ecd0a736a

SHA-1:
d6e875084b9ac487e42c85d228378208af7d24f1

SHA-256:
25b8c2a907a01f36dd40231bc598c8b1a93baab767e1ac5587a4ffe3c487b822

Scanner detections:
19 / 68

Status:
Adware

Explanation:
Uses the InstallBrain monetization platform from iBario to deliver bundled adware, both search toolbars and PC optimizers from Performersoft.

Analysis date:
4/26/2024 9:10:59 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | Trojan/Win32.Rotbrow | 2014.03.01 |
| avast! | Win32:BProtect-D [Trj] | 2014.9-140911 |
| AVG | Generic5 | 2015.0.3253 |
| Bkav FE | W32.Clod9a7.Trojan | 1.3.0.4959 |
| Clam AntiVirus | Win.Adware.BProtector | 0.98/213 |
| Dr.Web | BackDoor.Dna.10 | 9.0.1.0254 |
| ESET NOD32 | Win32/bProtector (variant) | 8.9791 |
| Fortinet FortiGate | Riskware/BProtector | 9/11/2014 |
| F-Secure | Application:W32/BProtector.A | 11.2014-21-12_1 |
| G Data | Win32.Trojan.Agent.NF9FIG | 14.9.24 |
| Kaspersky | Trojan.Win32.Bromngr | 14.0.0.2762 |
| Malwarebytes | PUP.Optional.InstallBrain.A | v2014.09.11.12 |
| McAfee | Adware-Bprotect.b | 5600.6909 |
| Microsoft Security Essentials | TrojanDropper:Win32/Rotbrow.B | 1.10502 |
| nProtect | Trojan/W32.Agent.2200096 | 14.05.12.01 |
| Reason Heuristics | PUP.ForwardTech.M | 14.9.11.0 |
| Trend Micro | TSPY_AGENT_BK082BB4.TOMC | 10.465.11 |
| Vba32 AntiVirus | AdWare.Bromngr | 3.12.24.3 |
| VIPRE Antivirus | Bprotector | 29150 |

File size:
2.1 MB (2,200,096 bytes)

Product version:
2,3,759,138

Copyright:
Copyright (C) 2012

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\~browser manager\~2.3.759.138\~{61d8b74e-8d89-46ff-afa6-33382c54ac73}\~browsermngr.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
9/11/2012 9:46:30 PM

Valid to:
9/11/2015 9:46:30 PM

Subject:
CN=ForwardTech Inc, O=ForwardTech Inc, L=Beaverton, S=OR, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
07BCB9E09D11D2

File PE Metadata
Compilation timestamp:
9/28/2012 7:27:30 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:niTYyi3CJaU705QrfzszM3Bc9WbMk5C1pLE3TGKZ5oIbv/eAYrJt3D:niTYyXaP5UfzszM3BtMkH/eAi

Entry address:
0xC2AD8

Entry point:
E8, 37, FD, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 6A, 0A, 6A, 00, FF, 75, 08, E8, 3D, 15, 00, 00, 83, C4, 0C, 5D, C3, 8B, FF, 55, 8B, EC, 5D, E9, DF, FF, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, 53, FF, 75, 10, 8D, 4D, F0, E8, C5, DB, FF, FF, 8B, 45, 08, 33, DB, 3B, C3, 75, 28, E8, 7F, 3C, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, 3E, ED, FF, FF, 83, C4, 14, 38, 5D, FC, 74, 07, 8B, 45, F8, 83, 60, 70, FD, 33, C0, EB, 74, 56, 8B, 75, F4, 39, 5E, 08, 75, 3A, FF, 75, 0C, 50, E8, E6, 22...
 

Entropy:
6.6335

Code size:
1.4 MB (1,494,016 bytes)
