ContentExplorer.exe

Lake Ventures LLC

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application ContentExplorer.exe by Lake Ventures has been detected as adware by 8 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. This executable runs as a local area network (LAN) Internet proxy server listening on port 51566 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.
Publisher:
ContentExplorer  (signed by Lake Ventures LLC)

Product:
ContentExplorer

Version:
8.0

MD5:
f182623a4fc4b3c2bff91f5a1036dd33

SHA-1:
7c17c3281468f11b552e2deb9a43d74bf7fa070f

SHA-256:
b204997409f0f9800348320b39a6cac51591737a942f9ed16840cb43d25b5bc7

Scanner detections:
8 / 68

Status:
Adware

Explanation:
This installer bundles various adware programs that may include toolbars and web browser advertising injectors/extensions.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/25/2024 7:26:19 AM UTC

Scan engine               Detection                       Engine version
Avira AntiVirus           TR/Dropper.MSIL.Gen             7.11.141.68
Baidu Antivirus           Adware.MSIL.iBryte              4.0.3.141126
Dr.Web                    Adware.iBryte.491               9.0.1.0330
ESET NOD32                MSIL/Adware.iBryte (variant)    8.10782
McAfee                    Artemis!3C5098BEA3C0            5600.6935
Reason Heuristics         PUP.LakeVentures.P              14.11.26.1
Sophos                    Generic PUA CJ                  4.98
Trend Micro House Call    Suspicious_GEN.F47V0819         7.2.330

File size:
2.3 MB (2,429,680 bytes)

Product version:
8.0

Copyright:
Copyright © ContentExplorer 2014

Original file name:
ContentExplorer.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\contentexplorer\contentexplorer.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
12/17/2013 3:22:44 PM

Valid to:
12/17/2014 3:22:44 PM

Subject:
CN=Lake Ventures LLC, O=Lake Ventures LLC, L=Aliso Viejo, S=California, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B14BBCA37F140

File PE Metadata
Compilation timestamp:
11/25/2014 10:00:28 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:0xityYPfrMP1UTKCEhwzbuUaeWMnkM76lqqjsQgptsPoACP:gYPfqeTKCVDpWMylxsQdPo

Entry address:
0x25007E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.7827

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
2.3 MB (2,417,152 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:51566/

Local host port:
51566

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.


Remove ContentExplorer.exe - Powered by Reason Core Security