home

ContentExplorer.exe

Mime Ventures LLC

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application ContentExplorer.exe by Mime Ventures has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. This executable runs as a local area network (LAN) Internet proxy server listening on port 55007 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.
Publisher:
ContentExplorer  (signed by Mime Ventures LLC)

Product:
ContentExplorer

Version:
8.0

MD5:
c93ab0c1726c714ec2eb1062bfba06aa

SHA-1:
1e2f411d27d248fdd79207a1709882282c35d6d4

SHA-256:
80721c5202cb126ce7d245f68c074f2a034fc42953fc0e2bb9badb1af0378ca6

Scanner detections:
13 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/20/2024 3:03:43 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
ADWARE/Adware.Gen7
7.11.196.234

AVG
Generic
2015.0.3254

Baidu Antivirus
Adware.MSIL.iBryte
4.0.3.15121

Dr.Web
Trojan.iBryte.151
9.0.1.021

ESET NOD32
MSIL/Adware.iBryte (variant)
8.10907

Fortinet FortiGate
Adware/IBryte
1/21/2015

McAfee
Artemis!485956E0F402
5600.6878

Norman
IBryte.AJQ
11.20141220

Qihoo 360 Security
HEUR/QVM03.0.Malware.Gen
1.0.0.1015

Reason Heuristics
PUP.Softpulse
15.1.21.15

Sophos
Generic PUA KA
4.98

Trend Micro House Call
Suspicious_GEN.F47V1226
7.2.21

VIPRE Antivirus
iBryte
36282

File size:
2.3 MB (2,392,520 bytes)

Product version:
8.0

Copyright:
Copyright © ContentExplorer 2014

Original file name:
ContentExplorer.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\contentexplorer\contentexplorer.exe

Digital Signature
Signed by:
Mime Ventures LLC

Authority:
GlobalSign nv-sa

Valid from:
10/17/2014 12:39:32 PM

Valid to:
10/18/2015 12:39:32 PM

Subject:
E=admin@theanswerfinder.com, CN=Mime Ventures LLC, OU=TheAnswerFinder.com, O=Mime Ventures LLC, L=Los Angeles, S=California, C=US

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121EDDEAF81A380FF278B94B619A213DEEE

File PE Metadata
Compilation timestamp:
12/20/2014 10:30:28 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:lYU02LljerwqHaGdH5m9pbqZtpQmjlQITOsfUKy8v:iY1er9HHH5s2RFSITOsfny6

Entry address:
0x24713A

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.8376

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
2.3 MB (2,380,288 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:55007/

Local host port:
55007

Default credentials:
No


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to cdn-208-111-160-6.iad.llnw.net  (208.111.160.6:80)

Remove ContentExplorer.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.