home

ContentExplorer.exe

Lake Ventures LLC

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application ContentExplorer.exe by Lake Ventures has been detected as adware by 8 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. This executable runs as a local area network (LAN) Internet proxy server listening on port 49191 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.
Publisher:
ContentExplorer  (signed by Lake Ventures LLC)

Product:
ContentExplorer

Version:
8.0

MD5:
3afc284c22c25f647914a4ef60718d9a

SHA-1:
f42189e79da6bed3a0ff6aeeb3a35f55fbfcafb6

SHA-256:
a2ac7ffbb84616e8a5aa11e3dea6076a90e75d4a232b8e918e1cdc6a85f925d7

Scanner detections:
8 / 68

Status:
Adware

Explanation:
This installer bundles various adware prorgams that may include toolbars and web browser advertising injectors/extensions.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/26/2024 3:43:46 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
TR/Dropper.MSIL.Gen
7.11.141.68

Baidu Antivirus
Adware.MSIL.iBryte
4.0.3.141117

Dr.Web
Adware.iBryte.491
9.0.1.05190

ESET NOD32
MSIL/Adware.iBryte (variant)
8.10547

McAfee
Artemis!3C5098BEA3C0
5600.6943

Reason Heuristics
PUP.LakeVentures.P
14.11.17.12

Sophos
Generic PUA CJ
4.98

Trend Micro House Call
Suspicious_GEN.F47V0819
7.2.321

File size:
2.3 MB (2,429,680 bytes)

Product version:
8.0

Copyright:
Copyright © ContentExplorer 2014

Original file name:
ContentExplorer.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\contentexplorer\contentexplorer.exe

Digital Signature
Signed by:
Lake Ventures LLC

Authority:
GoDaddy.com, Inc.

Valid from:
12/17/2013 5:22:44 PM

Valid to:
12/17/2014 5:22:44 PM

Subject:
CN=Lake Ventures LLC, O=Lake Ventures LLC, L=Aliso Viejo, S=California, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B14BBCA37F140

File PE Metadata
Compilation timestamp:
11/16/2014 4:00:29 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:uxitcdO7ywb5oEY/5mLcEYwJwwZHwQ6B6EK1KKHb:IdOmwbSlALLJJ7KQ6jKH7

Entry address:
0x250086

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.7825

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
2.3 MB (2,417,152 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:49191/

Local host port:
49191

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to hosted-by.leaseweb.com  (199.58.87.151:80)

TCP (HTTP):
Connects to ec2-54-225-246-127.compute-1.amazonaws.com  (54.225.246.127:80)

TCP (HTTP):
Connects to ec2-54-212-249-225.us-west-2.compute.amazonaws.com  (54.212.249.225:80)

TCP (HTTP SSL):
Connects to ec2-54-209-3-129.compute-1.amazonaws.com  (54.209.3.129:443)

TCP (HTTP):
Connects to ec2-54-186-124-252.us-west-2.compute.amazonaws.com  (54.186.124.252:80)

TCP (HTTP):
Connects to atl14s08-in-f0.1e100.net  (173.194.37.64:80)

TCP (HTTP):
Connects to a23-72-225-91.deploy.static.akamaitechnologies.com  (23.72.225.91:80)

Remove ContentExplorer.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.