» BrowserWeb.exe
Overview
Analysis
File Details
Programs (1)
Network (59)

BrowserWeb.exe

BrowserWeb

Softforce LLC

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application BrowserWeb.exe by Softforce has been detected as adware by 18 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. This file is typically installed with the program MixVideoPlayer by SoftForce LLC. While running, it connects to the Internet address server-52-85-133-79.iad53.r.cloudfront.net on port 80 using the HTTP protocol.

File name:

BrowserWeb.exe

Publisher:

Softforce LLC (signed and verified)

Product:

BrowserWeb

Version:

1.0.0.17

MD5:

7d7fc035b6a606020c83086bc379de70

SHA-1:

850f639768332fc4c0dc2c5b1af88459dc94ada8

SHA-256:

82f7dce972ba6c8b13d3db0ec18615c076df0dd77e6450d027cef9a31b9c7200

Scanner detections:

18 / 68

Status:

Adware

Description:

This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:

4/28/2024 3:51:53 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.Bawswerps.1

546

Avira AntiVirus

ADWARE/Bawswerps.116736.1

8.3.1.6

Arcabit

Trojan.Adware.Bawswerps.1

1.0.0.425

avast!

MSIL:Adware-N [Adw]

2014.9-150807

AVG

Generic

2016.0.3024

Baidu Antivirus

PUA.Win32.SoftPulse

4.0.3.1587

Bitdefender

Gen:Variant.Adware.Bawswerps.1

1.0.20.1095

Bkav FE

W32.HfsAdware

1.3.0.7062

Dr.Web

Trojan.Domaiq.325

9.0.1.0219

Emsisoft Anti-Malware

Gen:Variant.Adware.Bawswerps

8.15.08.07.10

ESET NOD32

MSIL/NewPlayer.D potentially unwanted (variant)

9.12058

F-Secure

Gen:Variant.Adware.Bawswerps

11.2015-15-09_3

G Data

Gen:Variant.Adware.Bawswerps

15.8.25

herdProtect (fuzzy)

variant of webbrowser.exe

2015.9.15.14

Microsoft Security Essentials

Adware:MSIL/Bawswerps

1.1.11804.0

MicroWorld eScan

Gen:Variant.Adware.Bawswerps.1

16.0.0.657

Panda Antivirus

PUP/Multitoolbar

15.09.15.02

Reason Heuristics

PUP.Softpulse.Softforce.Bundler (M)

15.8.7.22

File size:

119.7 KB (122,536 bytes)

Product version:

1.0.0.17

Original file name:

BrowserWeb.exe

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Softpulse SoftwareBundler

Language:

Language Neutral

Common path:

C:\Program Files\mixvideoplayer\browserweb.exe

Digital Signature

Signed by:

Softforce LLC

Authority:

thawte, Inc.

Valid from:

12/17/2014 8:00:00 PM

Valid to:

12/18/2015 7:59:59 PM

Subject:

CN=Softforce LLC, O=Softforce LLC, L=Wilmington, S=Delaware, C=US

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

39EFBC248CD996B345705A5A0ED70147

File PE Metadata

Compilation timestamp:

8/6/2015 10:31:52 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

3072:VoEQlHHHHHHHHHHHHFHHHHHHHHHHHHHHHHEGoEQlHHHHHHHHHHHHFHHHHHHHHHHC:iHHHHHHHHHHHHFHHHHHHHHHHHHHHHHgc

Entry address:

0x1CDCE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 60, 00, 00, 80, 10, 00, 00, 00, 78, 00, 00, 80, 18, 00, 00, 00, 90, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 02, 00, 00, 00, A8, 00, 00, 80, 03, 00, 00, 00, C0, 00... 
[+]

Entropy:

6.0663

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

107.5 KB (110,080 bytes)

The file BrowserWeb.exe has been discovered within the following programs.

MixVideoPlayer by SoftForce LLC

About 2% of users remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to server-52-85-74-15.lhr3.r.cloudfront.net (52.85.74.15:80)

TCP (HTTP):

Connects to server-54-240-186-232.mad50.r.cloudfront.net (54.240.186.232:80)

TCP (HTTP):

Connects to ec2-54-187-119-69.us-west-2.compute.amazonaws.com (54.187.119.69:80)

TCP (HTTP):

Connects to ec2-52-26-110-152.us-west-2.compute.amazonaws.com (52.26.110.152:80)

TCP (HTTP):

Connects to full-cdn-01.cluster002.ovh.net (213.186.33.69:80)

TCP (HTTP):

Connects to server-54-230-81-178.mia50.r.cloudfront.net (54.230.81.178:80)

TCP (HTTP):

Connects to server-54-230-81-89.mia50.r.cloudfront.net (54.230.81.89:80)

TCP (HTTP):

Connects to server-54-230-81-185.mia50.r.cloudfront.net (54.230.81.185:80)

TCP (HTTP):

Connects to server-54-230-81-184.mia50.r.cloudfront.net (54.230.81.184:80)

TCP (HTTP):

Connects to server-54-240-186-246.mad50.r.cloudfront.net (54.240.186.246:80)

TCP (HTTP):

Connects to server-54-230-81-190.mia50.r.cloudfront.net (54.230.81.190:80)

TCP (HTTP):

Connects to server-54-230-81-235.mia50.r.cloudfront.net (54.230.81.235:80)

TCP (HTTP):

Connects to server-54-230-81-188.mia50.r.cloudfront.net (54.230.81.188:80)

TCP (HTTP):

Connects to server-54-230-206-94.atl50.r.cloudfront.net (54.230.206.94:80)

TCP (HTTP):

Connects to server-54-230-206-92.atl50.r.cloudfront.net (54.230.206.92:80)

TCP (HTTP):

Connects to server-54-230-206-8.atl50.r.cloudfront.net (54.230.206.8:80)

TCP (HTTP):

Connects to server-54-230-163-143.jax1.r.cloudfront.net (54.230.163.143:80)

TCP (HTTP):

Connects to server-54-192-25-201.mxp4.r.cloudfront.net (54.192.25.201:80)

TCP (HTTP):

Connects to server-54-192-25-115.mxp4.r.cloudfront.net (54.192.25.115:80)

TCP (HTTP):

Connects to server-54-192-19-147.iad12.r.cloudfront.net (54.192.19.147:80)

Remove BrowserWeb.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.