home

contentexplorer.exe

Application Genius, LLC

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application contentexplorer.exe by Application Genius has been detected as adware by 6 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. This executable runs as a local area network (LAN) Internet proxy server listening on port 50880 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.
Publisher:
ContentExplorer  (signed by Application Genius, LLC)

Product:
ContentExplorer

Version:
8.0

MD5:
9565a1e3273f315bf83317524ca00127

SHA-1:
ebc01ae65639dd1ff69a53de0146b10615f0acf3

SHA-256:
2ed96d703d7725a93c3f6dcca79b994a366597112489c06a9244cd60d43ca3c6

Scanner detections:
6 / 68

Status:
Adware

Explanation:
This installer bundles various adware prorgams that may include toolbars and web browser advertising injectors/extensions.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/19/2024 5:57:00 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
ADWARE/Adware.Gen7
7.11.213.12

AVG
Generic
2016.0.3183

ESET NOD32
MSIL/Adware.iBryte.P application
7.0.302.0

Reason Heuristics
PUP.Adknowledge
15.3.2.0

Sophos
PUA 'iBryte Desktop' (of type Adware)
5.11

VIPRE Antivirus
Threat.4798837
37788

File size:
1.7 MB (1,786,440 bytes)

Product version:
8.0

Copyright:
Copyright © ContentExplorer 2014

Original file name:
ContentExplorer2.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\contentexplorer\contentexplorer.exe

Digital Signature
Signed by:
Application Genius, LLC

Authority:
GoDaddy.com, Inc.

Valid from:
12/30/2014 9:32:38 PM

Valid to:
12/29/2016 6:07:38 PM

Subject:
CN="Application Genius, LLC", O="Application Genius, LLC", L=Walnut, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
629B575CD8F3186B

File PE Metadata
Compilation timestamp:
3/1/2015 6:16:15 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:XGgFRYrDzkNozl7kyc6UeL0voLoM/oaX6EpEKSG1nthJtXCn9C8oby:2bRlkyclwF/BZE/G7on9CM

Entry address:
0x1B245A

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.7 MB (1,771,008 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:50880/

Local host port:
50880

Default credentials:
No


Remove contentexplorer.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.