ContentExplorer.exe

Lake Ventures LLC

This adware bundler is distributed through Adknowledge's advertising-supported software managers. The application ContentExplorer.exe by Lake Ventures has been detected as adware by 2 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. This executable runs as a local Internet proxy server listening on port 50158 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.
Publisher:
ContentExplorer  (signed by Lake Ventures LLC)

Product:
ContentExplorer

Version:
0.0.0.0

MD5:
5f169856cec8d09245556760eb20dda5

SHA-1:
6c2c86f0143296282efedfba128b62e21ac579e0

SHA-256:
3dcbaafea2ccb1ca99aaa73bd498872e295a87b1d8ae5780dce866b38700f4a7

Scanner detections:
2 / 68

Status:
Adware

Explanation:
This installer bundles various adware programs that may include toolbars and web browser advertising injectors/extensions.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/25/2024 8:51:58 PM UTC  (today)

Scan engine | Detection | Engine version
Avira AntiVirus | TR/Dropper.MSIL.Gen | 7.11.141.68
Reason Heuristics | PUP.LakeVentures.P | 14.6.12.15

File size:
1 MB (1,063,664 bytes)

Product version:
0.0.0.0

Copyright:
Copyright © ContentExplorer 2014

Original file name:
ContentExplorer.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\contentexplorer\contentexplorer.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
12/18/2013 1:52:44 AM

Valid to:
12/18/2014 1:52:44 AM

Subject:
CN=Lake Ventures LLC, O=Lake Ventures LLC, L=Aliso Viejo, S=California, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B14BBCA37F140

File PE Metadata
Compilation timestamp:
6/4/2014 10:30:27 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:wTECqoOva+7n/YWeIqUlBr7Cnx7KbB7IbIgFX:IGfeAlB1BgIgFX

Entry address:
0x102932

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.2804

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1 MB (1,051,136 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:50158/

Local host port:
50158

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-205-251-251-195.jfk5.r.cloudfront.net  (205.251.251.195:80)

TCP (HTTP):
Connects to ec2-54-214-5-201.us-west-2.compute.amazonaws.com  (54.214.5.201:80)

TCP (HTTP):
Connects to ec2-107-23-144-68.compute-1.amazonaws.com  (107.23.144.68:80)

TCP (HTTP):
Connects to a184-29-106-16.deploy.static.akamaitechnologies.com  (184.29.106.16:80)
