home

browzar 2.0.exe

Browzar

Browzar Limited

The application browzar 2.0.exe, “Browzar Private Web Browser” by Browzar Limited has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from www.freeadvice.ru and multiple other hosts. While running, it connects to the Internet address smtp.quba.co.uk on port 80 using the HTTP protocol.
Publisher:
Browzar Ltd.  (signed by Browzar Limited)

Product:
Browzar

Description:
Browzar Private Web Browser

Version:
2, 0, 0, 0

MD5:
e7d236d86132659f6e90ba100e8e65f5

SHA-1:
39db126a020aae7dad2f6989bcfeede7cc32056c

SHA-256:
fd85eb7b3d8844f88fdf3c92e798646a3837b45c19b5b7007fb5ebfc9565ed57

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/26/2024 11:02:10 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.BrowzarLimited.K
14.2.21.9

File size:
209.7 KB (214,688 bytes)

Product version:
2, 0, 0, 0

Copyright:
© Copyright 2006, 2007 Browzar Ltd.

Original file name:
Browzar.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\browzar 2.0.exe

Digital Signature
Signed by:
Browzar Limited

Authority:
The USERTRUST Network

Valid from:
8/12/2008 8:00:00 PM

Valid to:
8/13/2009 7:59:59 PM

Subject:
CN=Browzar Limited, O=Browzar Limited, STREET=Huddersfield, L=Huddersfield, S=West Yorkshire, PostalCode=HD1 9ES, C=GB

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
009EC6C7428EB0C82B37C40B846915E2F4

File PE Metadata
Compilation timestamp:
12/19/2008 10:51:58 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:jZw7adUAsIgrkX462nxd6fYgbkpxeO0D5dJ3PCBo44BX:9wrzIgwXAnxd6f9b4ebTJfOjI

Entry address:
0x9EE20

Entry point:
60, BE, 00, 20, 47, 00, 8D, BE, 00, F0, F8, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
[+]

Entropy:
7.7635

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
180 KB (184,320 bytes)

The file browzar 2.0.exe has been seen being distributed by the following 3 URLs.

http://www.freeadvice.ru/programms/.../BrowzarWinstyle2000.exe

http://browzar.com/.../BrowzarWinstyle2000.exe

http://www.browzar.com/.../BrowzarWinstyle2000.exe

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to smtp.quba.co.uk  (134.213.173.254:80)

Remove browzar 2.0.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.