ContentExplorer.exe

Mime Ventures LLC

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application ContentExplorer.exe by Mime Ventures has been detected as adware by 15 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer.
Publisher:
ContentExplorer  (signed by Mime Ventures LLC)

Product:
ContentExplorer

Version:
8.0

MD5:
1adc80fd55e68726d7fc050bc929065f

SHA-1:
59db01cf2cd286eb10b0fe7bb18e18dd995132a4

Scanner detections:
15 / 68

Status:
Adware

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
4/19/2024 1:04:02 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | ADWARE/Adware.Gen7 | 7.11.198.230
AVG | Generic | 2016.0.3101
Baidu Antivirus | Adware.MSIL.iBryte | 4.0.3.15522
Comodo Security | ApplicUnwnt | 20547
Dr.Web | Trojan.iBryte.175 | 9.0.1.0142
ESET NOD32 | MSIL/Adware.iBryte (variant) | 9.10950
Fortinet FortiGate | Adware/IBryte | 5/22/2015
McAfee | Artemis!1ADC80FD55E6 | 5600.6757
Norman | IBryte.AJQ | 11.20150522
Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1015
Reason Heuristics | PUP.Softpulse.Bundler | 15.5.22.10
Sophos | Generic PUA FJ | 4.98
Trend Micro House Call | Suspicious_GEN.F47V1224 | 7.2.142
Trend Micro | TROJ_GEN.R0C1C0ELV14 | 10.465.22
VIPRE Antivirus | iBryte | 36258

File size:
2.3 MB (2,392,520 bytes)

Product version:
8.0

Copyright:
Copyright © ContentExplorer 2014

Original file name:
ContentExplorer.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\Application data\contentexplorer\contentexplorer.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
10/17/2014 1:39:32 PM

Valid to:
10/18/2015 1:39:32 PM

Subject:
E=admin@theanswerfinder.com, CN=Mime Ventures LLC, OU=TheAnswerFinder.com, O=Mime Ventures LLC, L=Los Angeles, S=California, C=US

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121EDDEAF81A380FF278B94B619A213DEEE

File PE Metadata
Compilation timestamp:
12/24/2014 3:00:28 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:VI+O7YwzP8jda3VKFSM6SZKTYQ3OpQcxh2YWS:e+O77FKUM64KcWOHuY

Entry address:
0x24714A

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
Entropy:
7.8370

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
2.3 MB (2,380,288 bytes)
