» browzar 1.2.0.1 black (kaldata.com).exe
Overview
Analysis
File Details
Network (1)

browzar 1.2.0.1 black (kaldata.com).exe

Browzar

Browzar Limited

The application browzar 1.2.0.1 black (kaldata.com).exe, “Browzar Private Web Browser” by Browzar Limited has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address smtp.quba.co.uk on port 80 using the HTTP protocol.

File name:

Publisher:

Browzar Ltd. (signed by Browzar Limited)

Product:

Browzar

Description:

Browzar Private Web Browser

Version:

1, 2, 0, 1

MD5:

c01f17b5004daf14b0261b374590600e

SHA-1:

d0aed65c4b014f7fefd21b18b56bfef3c723d8ee

SHA-256:

b9e24ea50994c0658d5ad102ee1b0fdda224005856c3612c0facb207b39ba867

Scanner detections:

1 / 68

Status:

Potentially unwanted

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/18/2024 5:50:07 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Browzar (M)

15.9.19.14

File size:

272.5 KB (279,000 bytes)

Product version:

1, 2, 0, 1

Original file name:

Browzar.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Digital Signature

Signed by:

Browzar Limited

Authority:

The USERTRUST Network

Valid from:

8/17/2006 3:00:00 AM

Valid to:

8/18/2007 2:59:59 AM

Subject:

CN=Browzar Limited, O=Browzar Limited, STREET=18 Wheathouse Road, L=Huddersfield, S=West Yorkshire, PostalCode=HD2 2UW, C=GB

Issuer:

CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:

00A814A924256BA46FE3C00EBDAE45FD13

File PE Metadata

Compilation timestamp:

10/30/2006 7:43:19 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

3072:WRSt3kIhCh2xzbq+1/r4jGx41fEC4EtH/JEVJehWdYcYENQAHwVca7:WRSt0w7x1/r4jq4nHxrWmjqzwVc

Entry address:

0xCBB2

Entry point:

55, 8B, EC, 6A, FF, 68, 68, 03, 41, 00, 68, 3E, CD, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, DC, E7, 40, 00, 59, 83, 0D, C4, 39, 41, 00, FF, 83, 0D, C8, 39, 41, 00, FF, FF, 15, D8, E7, 40, 00, 8B, 0D, B8, 39, 41, 00, 89, 08, FF, 15, D4, E7, 40, 00, 8B, 0D, B4, 39, 41, 00, 89, 08, A1, D0, E7, 40, 00, 8B, 00, A3, C0, 39, 41, 00, E8, 1C, 01, 00, 00, 39, 1D, 80, 37, 41, 00, 75, 0C, 68, 3A, CD, 40, 00, FF, 15, CC, E7... 
[+]

Developed / compiled with:

Microsoft Visual C++ v6.0

Code size:

52 KB (53,248 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to smtp.quba.co.uk (134.213.173.254:80)

Remove browzar 1.2.0.1 black (kaldata.com).exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.