ContentExplorer.exe

Lake Ventures LLC

This adware bundler is distributed through Adknowledge's advertising-supported software managers. The application ContentExplorer.exe by Lake Ventures has been detected as adware by 9 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. This executable runs as a local area network (LAN) Internet proxy server listening on port 49276 and can intercept and modify all inbound and outbound Internet traffic on the local host. The setup program bundles additional offers, mostly adware, using the InstallBrain installer, a pay-per-install monetization download manager. InstallBrain also installs a background updater service that updates any installed browser add-ons and plug-ins.
Publisher:
ContentExplorer  (signed by Lake Ventures LLC)

Product:
ContentExplorer

Version:
8.0

MD5:
2f4a3948ce7aa21bb8c0a4ce8f3fbe00

SHA-1:
451bf8a750bc7c4eb9621246c2512416294f311c

SHA-256:
3c99b808662320efbdb4ce695bc2201a3911994d21753c6f7b816a7a8336f012

Scanner detections:
9 / 68

Status:
Adware

Explanation:
Uses the InstallBrain monetization platform from iBario to deliver bundled adware, both search toolbars and PC optimizers from Performersoft.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/18/2024 10:25:52 AM UTC

Scan engine              Detection                       Engine version
AegisLab AV Signature    AdWare.W32.InstallBrain         2.1.4+
Avira AntiVirus          TR/Dropper.MSIL.Gen             7.11.141.68
Baidu Antivirus          Adware.MSIL.iBryte              4.0.3.141113
Dr.Web                   Adware.iBryte.491               9.0.1.0317
ESET NOD32               MSIL/Adware.iBryte (variant)    8.10688
McAfee                   Artemis!3C5098BEA3C0            5600.6947
Reason Heuristics        PUP.LakeVentures.P              14.11.13.21
Sophos                   Generic PUA CJ                  4.98
Trend Micro House Call   Suspicious_GEN.F47V0819         7.2.317

File size:
2.3 MB (2,429,680 bytes)

Product version:
8.0

Copyright:
Copyright © ContentExplorer 2014

Original file name:
ContentExplorer.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\contentexplorer\contentexplorer.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
12/17/2013 5:22:44 PM

Valid to:
12/17/2014 5:22:44 PM

Subject:
CN=Lake Ventures LLC, O=Lake Ventures LLC, L=Aliso Viejo, S=California, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B14BBCA37F140

File PE Metadata
Compilation timestamp:
11/7/2014 3:00:28 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:VxizarjlK3akypAgRvyz6neTBAX2tw6gyIXwUVRrJnqk8:pmakKyoWm2tsJVRJQ

Entry address:
0x25008A

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.7826

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
2.3 MB (2,417,152 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:49276/

Local host port:
49276

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-192-4-107.dfw3.r.cloudfront.net  (54.192.4.107:80)

TCP (HTTP):
Connects to ec2-54-77-222-74.eu-west-1.compute.amazonaws.com  (54.77.222.74:80)

TCP (HTTP):
Connects to ec2-54-225-150-181.compute-1.amazonaws.com  (54.225.150.181:80)

TCP (HTTP):
Connects to ec2-54-204-2-143.compute-1.amazonaws.com  (54.204.2.143:80)

TCP (HTTP):
Connects to ec2-54-194-183-120.eu-west-1.compute.amazonaws.com  (54.194.183.120:80)
